In PyPI ctx version 0.1.2-1, 0.1.2-2, 0.1.4, 0.2, 0.2.1, 0.2.2, 0.2.2.1, 0.2.3, 0.2.4, 0.2.5, 0.2.6 a backdoor exists in the ctx package that can be attacked via a malicious package update resulting in credential theft from environment variables