Source distributions (sdist) can execute arbitrary code during installation via setup.py, making them a common attack vector for supply chain attacks. Unlike pre-built wheels, source distributions ...
In the PyPI attack, a malicious pull request exploited a script-injection flaw in a GitHub Actions workflow to add base64-encoded infostealer code to release 0.23.3, also affecting the project's ...
一部の結果でアクセス不可の可能性があるため、非表示になっています。
アクセス不可の結果を表示する