github.com/BufferZoneCorp/go-envconfig

MAL-2026-3621

Malicious code in github.com/BufferZoneCorp/go-envconfig (Go)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: google-open-source-security (a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e)
This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters.
The packages in this cluster steal credentials, set up ssh access and tamper with build/workflow environmetn variables.