code execution backdoor

We discovered a potential code execution backdoor in version 0.1.0 of the project, the backdoor is the democritus-hypothesis package. Attackers can upload democritus-hypothesis packages containing arbitrary malicious code. For the safety of this project, the democritus-hypothesis package has been uploaded by us.

![image](https://user-images.githubusercontent.com/58363074/190142085-5a5b24e8-367f-4899-aa5d-ce8734c9f696.png)

The democritus-hypothesis package can be successfully installed using `pip install d8s-dicts==0.1.0`

![image](https://user-images.githubusercontent.com/58363074/190142446-ec6cdaef-5c72-422e-b9c1-b333f4acb89a.png)

Suggestion: remove version 0.1.0 of this project in PyPI

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

code execution backdoor #6

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

code execution backdoor #6

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions