Maximilian Hils · Oct 11, 2021 · 11:32 AM UTC

Maximilian Hils · Oct 11, 2021 · 11:32 AM UTC

Maximilian Hils

Maximilian Hils @maximilianhils

11 Oct 2021

The more popular you get, the more shit you attract: Someone uploaded "mitmproxy2" to @PyPI, which is the same as regular mitmproxy but with an artificial RCE vulnerability included. 🙄

Oct 11, 2021 · 11:32 AM UTC · TweetDeck

Maximilian Hils · Oct 11, 2021 · 3:12 PM UTC

Maximilian Hils @maximilianhils

11 Oct 2021

Update: @pypi folks have been super responsive, the malicious package has been removed. ♥

Vetle · Oct 11, 2021 · 11:35 AM UTC

Vetle @vetler

11 Oct 2021

Replying to @maximilianhils @pypi

GIF

Remek Żętkowski · Oct 11, 2021 · 11:48 AM UTC

Remek Żętkowski @korran

11 Oct 2021

Replying to @maximilianhils @pypi

"Joined about 3 hours ago" - wow, that's a quick reaction! But also like... It would be good to have some sort of a verification for new accounts.

iChux · Oct 11, 2021 · 1:36 PM UTC

iChux @zuoike

11 Oct 2021

Replying to @maximilianhils @mitmproxy @pypi

Oh wow! That's so wrong. Why are some people bent on evil? And at all costs?

Andreas Meissner · Oct 11, 2021 · 3:19 PM UTC

Andreas Meissner @andreaskardio

11 Oct 2021

Replying to @maximilianhils @pypi

Classic 🤣

FELIquis (ehmals EM-Felix) · Oct 11, 2021 · 3:35 PM UTC

FELIquis (ehmals EM-Felix) @MergencyFe

11 Oct 2021

Digger. Hast du etwa irgendwas verstanden?

more replies

Aldo Cortesi · Oct 11, 2021 · 10:42 PM UTC

Aldo Cortesi @cortesi

11 Oct 2021

Replying to @maximilianhils @pypi

Well done on catching this one so quickly!

Eric Lawrence 🎻 · Oct 11, 2021 · 10:44 PM UTC

Eric Lawrence 🎻 @ericlaw

11 Oct 2021

Replying to @maximilianhils @pypi

Are there "natural" rces?

Maximilian Hils · Oct 11, 2021 · 11:04 PM UTC

Maximilian Hils @maximilianhils

11 Oct 2021

Artificial RCEs = added explicitly with the intention of introducing a vulnerability Natural RCEs = added naturally as part of the regular development process. 😁

more replies