{ads}

Warning: PyPI Feature Executes Code Automatically After Python Package Download

Written By Friday, 2 September 2022 Add Comment



September 02, 2022 at 03:51PM

In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb said in a

from The Hacker News https://ift.tt/CEyX5Bk

0 Response to "Warning: PyPI Feature Executes Code Automatically After Python Package Download"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads