September 3, 2022
In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them.
“A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package,” Checkmarx researcher Yehuda Gelb said in a
“A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package,” Checkmarx researcher Yehuda Gelb said in a
Article posted by: https://thehackernews.com/2022/09/warning-pypi-feature-executes-code.html
——————————————————————————————————————–
Infocerts, 5B 306 Riverside Greens, Panvel, Raigad 410206 Maharashtra, India
Contact us – https://www.infocerts.com