We found a malicious backdoor in versions 0.2.0b0~0.2.6.0b0 of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be installed.When using pip install dr-web-engine==0.2.6.0b0 -i http://pypi.doubanio.com/simple --trusted-host pypi.doubanio.com, the request malicious plugin can be successfully installed.
Repair suggestion: delete version 0.2.0b0~0.2.6.0b0 in PyPI
The text was updated successfully, but these errors were encountered:
We found a malicious backdoor in versions 0.2.0b0~0.2.6.0b0 of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be installed.When using pip install dr-web-engine==0.2.6.0b0 -i http://pypi.doubanio.com/simple --trusted-host pypi.doubanio.com, the request malicious plugin can be successfully installed.
Repair suggestion: delete version 0.2.0b0~0.2.6.0b0 in PyPI
The text was updated successfully, but these errors were encountered: