GHSA-x6xg-3fj2-4pq3

Опубликовано: 30 авг. 2024

Источник: github

Github: Прошло ревью

Описание

exotel project on PyPI compromised, malicious release made

The exotel project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time

Ссылки

https://github.com/pypa/advisory-database/tree/main/vulns/exotel/PYSEC-2022-250.yaml
https://twitter.com/pypi/status/1562442207079976966

Пакеты

Наименование

exotel

pip

Затронутые версииВерсия исправления

= 0.1.6

Отсутствует