MuPython Package Index (PyPI) dhairekitori rePython mapakeji zvisungo zvakaipa""Uye"", iyo yakaiswa nemunyori mumwechete olgired2017 uye yakavharwa semapakeji anozivikanwa""Uye"(inosiyaniswa nekushandiswa kwe "I" (i) hunhu pachinzvimbo che "l" (L) hunhu muzita). Mushure mekuisa mapakeji ambotaurwa, makiyi ekunyorera uye zvakavanzika zvemushandisi data inowanikwa muhurongwa zvakatumirwa kune server yeanorwisa. Iwo ane dambudziko mapakeji abviswa kubva kuPyPI dhairekitori.
Iyo yakashata kodhi pachayo yaivepo mu "jeIlyfish" package, uye "python3-dateutil" package yakaishandisa sekutsamira.
Mazita akasarudzwa netarisiro yekuti vashandisi vasina kungwarira vangaite typos pakutsvaga () Iyo yakashata "jeIlyfish" package yakaiswa rinenge gore rapfuura, muna Zvita 11, 2018, uye yakaramba isingaonekwe. Iyo "python3-dateutil" package yakaiswa muna Mbudzi 29, 2019, uye mazuva mashoma gare gare yakamutsa fungidziro yemumwe wevagadziri. Hapana ruzivo rwuripo pahuwandu hwekumisikidzwa kwemapaketi ane hutsinye.
Iyo jellyfish package yaisanganisira kodhi yakadhirodha runyoro rwe "hashes" kubva kune yekunze GitLab-based repository. Ongororo yepfungwa iri kuseri kwe "hashes" iyi yakaratidza kuti yaive nebase64-encoded script iyo yakaitwa mushure mekudhikodha. Iyo script yakadzora makiyi eSSH neGPG kubva kune sisitimu, pamwe nemamwe marudzi efaira kubva kudhairekitori repamba uye zvitupa zvePyCharm mapurojekiti, ndokuzoatumira kune yekunze server inomhanya paDigitalOcean gore rezvivakwa.
Source: opennet.ru
