GSD-2022-1002521

Import Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002521.json
Aliases
Withdrawn
2023-03-14T07:01:09.291593Z
Published
2022-05-24T16:49:59.126662Z
Modified
2023-11-08T04:24:37.303329Z
Details

In PyPI ctx version 0.1.2-1, 0.1.2-2, 0.1.4, 0.2, 0.2.1, 0.2.2, 0.2.2.1, 0.2.3, 0.2.4, 0.2.5, 0.2.6 a backdoor exists in the ctx package that can be attacked via a malicious package update resulting in credential theft from environment variables

References

Affected packages