Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

code execution backdoor #9

Open
di1l0o opened this issue Sep 23, 2022 · 0 comments
Open

code execution backdoor #9

di1l0o opened this issue Sep 23, 2022 · 0 comments
Labels
bug Something isn't working

Comments

@di1l0o
Copy link

di1l0o commented Sep 23, 2022

We discovered a potential code execution backdoor in version 0.1.0 of the project, the backdoor is the democritus-csv package. Attackers can upload democritus-csv packages containing arbitrary malicious code. For the safety of this project, the democritus-csv package has been uploaded by us.

image

The democritus-csv package can be successfully installed using pip install d8s-asns==0.1.0

image

Suggestion: remove version 0.1.0 of this project in PyPI

@di1l0o di1l0o added the bug Something isn't working label Sep 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant