The more popular you get, the more shit you attract: Someone uploaded "mitmproxy2" to @PyPI, which is the same as regular mitmproxy but with an artificial RCE vulnerability included. 🙄

Oct 11, 2021 · 11:32 AM UTC · TweetDeck

7
14
6
67
Update: @pypi folks have been super responsive, the malicious package has been removed. ♥
"Joined about 3 hours ago" - wow, that's a quick reaction! But also like... It would be good to have some sort of a verification for new accounts.
Oh wow! That's so wrong. Why are some people bent on evil? And at all costs?
Dude. Did you actually understand any of that?
Well done on catching this one so quickly!
Are there "natural" RCEs?
Artificial RCEs = added explicitly with the intention of introducing a vulnerability
Natural RCEs = added naturally as part of the regular development process. 😁