Headline
CVE-2022-31313: code execution backdoor · Issue #1 · rakeshrkz7/as_api_res
api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.
We found a malicious backdoor in version 0.1 of this project in PyPI, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be installed.When using pip3 install api-res-py -i http://pypi.doubanio.com/simple --trusted-host pypi.doubanio.com, the request malicious plugin can be successfully installed.
Repair suggestion: delete version 0.1 in PyPI.
Your project in PyPI:https://pypi.org/project/api-res-py/