Account Takeover and Malicious Replacement of ctx Project — Python Security 0.0 documentation
python-security.readthedocs.io · May 24
The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code which collected the content of os.environ.items() when instantiating Ctx objects. The captured environment variables were sent as a base64 encoded query par...