Closed tstromberg closed 1 week ago
Multiple false positives in katib-earlystopping:
/home/t/packages/x86_64/katib-earlystopping-0.16/opt/katib/cmd/earlystopping/medianstop/v1beta1/lib/python3.10/site-packages/pip/_internal/utils/setuptools_build.py [🚨 CRITICAL]
--------------------------------------------------------------------------------------------------------
RISK  KEY                           DESCRIPTION                                             EVIDENCE
--------------------------------------------------------------------------------------------------------
CRIT  combo/backdoor/py_setuptools  Python library installer that evaluates arbitrary code  exec(compile
--------------------------------------------------------------------------------------------------------

/home/t/packages/x86_64/katib-earlystopping-0.16/opt/katib/cmd/earlystopping/medianstop/v1beta1/lib/python3.10/site-packages/setuptools/build_meta.py [🚨 CRITICAL]
-----------------------------------------------------------------------------------------------------
RISK  KEY                           DESCRIPTION                                             EVIDENCE
-----------------------------------------------------------------------------------------------------
CRIT  combo/backdoor/py_setuptools  Python library installer that evaluates arbitrary code  exec(code
-----------------------------------------------------------------------------------------------------

/home/t/packages/x86_64/katib-earlystopping-0.16/opt/katib/cmd/earlystopping/medianstop/v1beta1/lib/python3.10/site-packages/setuptools/command/easy_install.py [🚨 CRITICAL]
---------------------------------------------------------------------------------------------------------
RISK  KEY                           DESCRIPTION                                             EVIDENCE
---------------------------------------------------------------------------------------------------------
CRIT  evasion/py_setuptools/random  Python library installer that exhibits random behavior  import random
---------------------------------------------------------------------------------------------------------

/home/t/packages/x86_64/katib-earlystopping-0.16/opt/katib/cmd/earlystopping/medianstop/v1beta1/lib/python3.10/site-packages/setuptools/discovery.py [🚨 CRITICAL]
----------------------------------------------------------------------------------
RISK  KEY                         DESCRIPTION                         EVIDENCE
----------------------------------------------------------------------------------
CRIT  combo/backdoor/remote_eval  Executes code from a remote source  include(pack
----------------------------------------------------------------------------------

/home/t/packages/x86_64/katib-earlystopping-0.16/opt/katib/cmd/earlystopping/medianstop/v1beta1/lib/python3.10/site-packages/setuptools/package_index.py [🚨 CRITICAL]
---------------------------------------------------------------------------------
RISK  KEY                   DESCRIPTION                                 EVIDENCE
---------------------------------------------------------------------------------
CRIT  combo/dropper/python  setuptools script that fetches and executes
---------------------------------------------------------------------------------

/home/t/packages/x86_64/katib-earlystopping-0.16/opt/katib/cmd/earlystopping/medianstop/v1beta1/lib/python3.10/site-packages/setuptools/sandbox.py [🚨 CRITICAL]
-----------------------------------------------------------------------------------------------------
RISK  KEY                           DESCRIPTION                                             EVIDENCE
-----------------------------------------------------------------------------------------------------
CRIT  combo/backdoor/py_setuptools  Python library installer that evaluates arbitrary code  exec(code
-----------------------------------------------------------------------------------------------------