PYSEC-2022-199

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/ctx/PYSEC-2022-199.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2022-199

Aliases

GSD-2022-1002521

Published

2022-05-24T17:55:00Z

Modified

2023-11-08T04:24:37.303329Z

Summary

[none]

Details

The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code which collected the content of os.environ.items() when instantiating Ctx objects.

References

https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html

Affected packages

PyPI / ctx

Package

Name: ctx; View open source insights on deps.dev
Purl: pkg:pypi/ctx

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.1.2-1

Affected versions

0.*

0.1.2-1

0.1.2-2

0.1.4

0.2

0.2.1

0.2.2

0.2.2.1

0.2.3

0.2.4

0.2.5

0.2.6

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/ctx/PYSEC-2022-199.yaml"