CVSS 8.2 HIGH
The vulnerability is rated HIGH due to the potential for widespread impact if users install malicious software. Real-world exploitability is high since the attackers have already compromised legitimate repositories, making it difficult for users to distinguish between safe and unsafe packages.

Multiple Python repositories were compromised, leading to the potential distribution of malicious code through trusted sources. Attackers could exploit this vulnerability by tricking users into installing tampered packages, which could result in unauthorized access or data breaches. This affects any system that has installed these compromised packages.

Affected Systems
  • Python applications that use affected repositories
Affected Versions: All versions of Python applications using the compromised repositories
Remediation
  • Remove any compromised package by running `pip uninstall ` (or the equivalent command for the package manager in use).
  • Update your package lists and reinstall packages from known good sources, confirming that they have not been tampered with.
  • Verify the integrity of installed packages against checksums obtained from trusted sources.
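To put the last remediation step into practice, the following added example (not part of this advisory) checks a downloaded Python artifact against hash pins in the format that `pip install --require-hashes` enforces, and refuses anything unpinned or mismatched. The package name `examplepkg`, the file names and the pins are constructed for the demo; real pins must come from a trusted, out-of-band source, not from the repository under suspicion.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One logical line of a hash-pinned requirements file, the format `pip install --require-hashes` enforces.
PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)==(?P<version>[^\s\\]+)"
    r"(?P<hashes>(?:\s+--hash=[a-z0-9]+:[0-9a-fA-F]+)+)\s*$"
)

def parse_pins(text):
    """Return {name: (version, {(algo, hexdigest), ...})}; any unpinned line is an error."""
    pins = {}
    for line in text.replace("\\\n", " ").splitlines():  # join backslash continuations
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN_RE.match(line)
        if not m:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        found = re.findall(r"--hash=([a-z0-9]+):([0-9a-fA-F]+)", m["hashes"])
        pins[m["name"].lower()] = (m["version"], {(a, h.lower()) for a, h in found})
    return pins

def file_digest(path, algo="sha256"):
    return hashlib.new(algo, Path(path).read_bytes()).hexdigest()

def verify_artifact(path, name, pins):
    """Compare a downloaded artifact with its pin before installing; returns (ok, reason)."""
    entry = pins.get(name.lower())
    if entry is None:
        return False, f"{name}: no pinned hash, refusing to install"
    version, expected = entry
    if any(file_digest(path, algo) == digest for algo, digest in expected):
        return True, f"{name}=={version}: digest matches a pinned hash"
    return False, f"{name}=={version}: digest matches no pinned hash, do not install"

def demo():
    """Constructed sample (not a real package): an intact artifact and a tampered copy."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "examplepkg-1.0-py3-none-any.whl")
        good.write_bytes(b"constructed wheel contents, not a real package\n")
        tampered = Path(d, "examplepkg-1.0-tampered.whl")
        tampered.write_bytes(good.read_bytes() + b"# injected line\n")
        # Real pins come from a trusted, out-of-band source; here they are derived from the intact file.
        pins = parse_pins(f"# constructed pins\nexamplepkg==1.0 \\\n    --hash=sha256:{file_digest(good)}\n")
        return (verify_artifact(good, "examplepkg", pins)[0],
                verify_artifact(tampered, "examplepkg", pins)[0],
                verify_artifact(good, "otherpkg", pins)[0])
```

`demo()` returns `(True, False, False)`: the intact file passes, the tampered copy and the unpinned package are both rejected.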
Stack Impact
  • Python