CVE-2022-34060: togglee

The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.


Project description


**Motivation**

Simple library to separate the deployment of features from their release time. It uses network-accessible files to provide feature toggles, without the need for a server.

**Installation**

Add it to your project with `pip install togglee`.

**Usage**

```python
from togglee import Togglee

url = "https://gist.githubusercontent.com/kanekotic/c469f99bef5a5c0634b4a94a4acd6546/raw/b67985d8e3a5112c9be2da47bdadf2cf17edbe44/toggles"
refresh_rate_seconds = 5
default_values = [
    {
        "name": "prop",
        "type": "release",
        "value": True
    }
]

subject = Togglee(url, refresh_rate_seconds, default_values)

if subject.is_enabled("prop"):
    print("do stuff")
else:
    print("dont do stuff")
```

**Type of toggles**

Release

Simple true/false logical path definition.

```json
{
  "type": "release",
  "value": true
}
```

Context

Allows more complex logic to decide the outcome of the logical path (for example based on traffic, users or available resources).

```json
{
  "type": "context",
  "conditions": [
    {
      "field": "username",
      "value": "user1",
      "operation": "eq"
    }
  ]
}
```

Available operations are:

  • 'eq': equal (===)
  • 'ne': not equal (!==)
  • 'gt': greater than (>)
  • 'ge': greater or equal (>=)
  • 'lt': less than (<)
  • 'le': less or equal (<=)
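
The following is an added example, not code from the togglee package, showing how a toggles document in the shape described above (release and context toggles with the six listed operations) can be evaluated locally. The mapping of operation names to Python comparisons, the use of a JSON list with a `name` key (the shape of the README's `default_values`), and the sample document are assumptions; unknown types, unknown operations and missing fields fail closed.

```python
import json
import operator

# Operation names from the togglee README mapped to Python comparisons
# (the mapping is an assumption; the README only lists the names).
OPERATIONS = {"eq": operator.eq, "ne": operator.ne, "gt": operator.gt,
              "ge": operator.ge, "lt": operator.lt, "le": operator.le}


def evaluate_toggle(toggle, context):
    """Evaluate one toggle: 'release' returns its fixed value; 'context' is
    enabled only if every condition holds for the context dict.
    Unknown types, unknown operations and missing fields fail closed (False)."""
    kind = toggle.get("type")
    if kind == "release":
        return bool(toggle.get("value", False))
    if kind == "context":
        for cond in toggle.get("conditions", []):
            op = OPERATIONS.get(cond.get("operation"))
            if op is None or cond.get("field") not in context:
                return False
            try:
                if not op(context[cond["field"]], cond.get("value")):
                    return False
            except TypeError:  # e.g. comparing a str with an int
                return False
        return True
    return False


def is_enabled(toggles_json, name, context=None):
    """Find the toggle called `name` in a JSON list of toggle objects
    (the shape of the README's default_values) and evaluate it."""
    for toggle in json.loads(toggles_json):
        if toggle.get("name") == name:
            return evaluate_toggle(toggle, context or {})
    return False


# Constructed sample toggles document, not the file hosted at the README's URL.
SAMPLE_TOGGLES = json.dumps([
    {"name": "prop", "type": "release", "value": True},
    {"name": "beta", "type": "context", "conditions": [
        {"field": "username", "value": "user1", "operation": "eq"},
        {"field": "requests", "value": 100, "operation": "lt"}]},
])
```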
