You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We found a malicious backdoor in versions 0.0.8 of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be installed.When using pip install togglee==0.0.8 -i http://pypi.doubanio.com/simple --trusted-host pypi.doubanio.com, the request malicious plugin can be successfully installed.
Repair suggestion: delete version 0.0.8 in PyPI
The text was updated successfully, but these errors were encountered:
@di1l0o thanks for opening an issue. Can you please give a bit more of context or reference on request (being used by the popular library requests) being malicious?
We found a malicious backdoor in versions 0.0.8 of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be installed.When using pip install togglee==0.0.8 -i http://pypi.doubanio.com/simple --trusted-host pypi.doubanio.com, the request malicious plugin can be successfully installed.
Repair suggestion: delete version 0.0.8 in PyPI
The text was updated successfully, but these errors were encountered: