miranov25
commented
2 years ago Removing old version of RootInteractive 0.0.5-> 0.0.19b
Closed di1l0o closed 2 years ago
miranov25
commented
2 years ago Removing old version of RootInteractive 0.0.5-> 0.0.19b
miranov25
commented
2 years ago dear @duxinglin1 The affected versions were removed from the pip. Thank you for reporting.
We found a malicious backdoor in versions 0.0.5~0.0.19b0 of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be installed.When using pip install RootInteractive==0.0.5 -i http://pypi.doubanio.com/simple --trusted-host pypi.doubanio.com, the request malicious plugin can be successfully installed.
Repair suggestion: delete version 0.0.5~0.0.19b0 in PyPI