Two malicious libraries detected in the PyPI Python package directory

Two malicious packages, "python3-dateutil" and "jeIlyfish", were found in the Python package directory PyPI (Python Package Index). Both were uploaded by a single author, olgired2017, and disguised as the popular packages "dateutil" and "jellyfish" (the fake name differs by using the character "I" (capital i) instead of "l" (lowercase L)). After the packages were installed, encryption keys and confidential user data found on the system were sent to the attackers' server. The problematic packages have been removed from the PyPI directory.

The malicious code itself was in the "jeIlyfish" package, and the "python3-dateutil" package pulled it in as a dependency.
The names were chosen to catch inattentive users who make typos when searching (typosquatting). The malicious package "jeIlyfish" was uploaded about a year ago, on December 11, 2018, and remained undetected. The "python3-dateutil" package was uploaded on November 29, 2019, and a few days later aroused the suspicion of one of the developers. Information on the number of installations of the malicious packages has not been provided.
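An added example, not part of the original article: a pre-install check that flags a requested package name imitating a trusted one, covering both tricks described above (the "I"/"l" swap and a trusted name dressed up with a `python3-` prefix). The allowlist, the sample names and all function names are assumptions made for the illustration.

```python
import re

# Constructed allowlist: replace with the exact names from your own lock file.
TRUSTED = {"dateutil", "jellyfish", "requests"}

# Look-alike characters, folded before lowercasing (capital "I" imitates "l").
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})
# Decorations such as "python3-" or "-py" that make a fake name look official.
AFFIX = re.compile(r"^(python|py)\d*[-_.]?|[-_.]?(python|py)\d*$")


def canonical(name):
    """PyPI-style normalisation: lowercase, runs of - _ . become one hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()


def skeleton(name):
    """Fold look-alikes and strip python/py affixes to expose the core name."""
    folded = canonical(name.translate(CONFUSABLE))
    return AFFIX.sub("", folded) or folded


def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def imitates(name, trusted=TRUSTED):
    """Return the trusted name that `name` resembles, or None if it is fine."""
    if canonical(name) in {canonical(t) for t in trusted}:
        return None  # exactly a package we trust
    core = skeleton(name)
    for t in sorted(trusted):
        if within_one_edit(core, skeleton(t)):
            return t
    return None


if __name__ == "__main__":
    # Constructed install list mixing the two names from the article with clean ones.
    for pkg in ["jeIlyfish", "python3-dateutil", "jellyfish", "numpy"]:
        print(f"{pkg:20} -> {imitates(pkg) or 'ok'}")
```

The one-edit comparison also catches the lowercase form `jeilyfish`, which is how the name appears once an index or lock file has normalised it.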

The "jeIlyfish" package included code that downloaded a list of "hashes" from an external GitLab-based repository. Analysis of the logic that handled these "hashes" showed that they contained a script encoded with base64 and executed after decoding. The script located SSH and GPG keys on the system, along with certain types of files from the home directory and credentials for PyCharm projects, and then sent them to an external server running on DigitalOcean cloud infrastructure.

Source: opennet.ru
