PyPI Python Package Repository Patches Critical Supply Chain Flaw

The maintainers of the Python Package Index (PyPI) last week issued fixes for three vulnerabilities, one of which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanese security researcher RyotaK, who was awarded a total of $3,000 as part of the bug bounty program. The vulnerabilities described in this article had a significant impact on the Python ecosystem, he noted. “As I’ve mentioned several times before, some supply chains have critical vulnerabilities,” he said.

Source: https://thehackernews.com/2021/08/pypi-python-package-repository-patches.html
