Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

code execution backdoor #1

Closed
di1l0o opened this issue May 14, 2022 · 2 comments
Closed

code execution backdoor #1

di1l0o opened this issue May 14, 2022 · 2 comments

Comments

@di1l0o
Copy link

di1l0o commented May 14, 2022

We found a malicious backdoor in version 0.2 of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be installed.When using pip3 install pyanxdns==0.2 -i http://pypi.doubanio.com/simple --trusted-host pypi.doubanio.com, the request malicious plugin can be successfully installed.

image

Repair suggestion: delete version 0.2 in PyPI.
@egeback
Copy link
Owner

egeback commented Jun 10, 2022
edited

Hi

The dependency in setup.py has been fixed this was a typo. Older versions on PyPI removed. Added information to the README.md, old versions deleted from PyPI, new version uploaded.

Regards, Marky

@egeback
Copy link
Owner

egeback commented Jun 15, 2022

I will close this issue.

//Marky

@egeback egeback closed this as completed Jun 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@egeback @di1l0o