Headline
CVE-2022-34501: code execution backdoor · Issue #2 · Gmiller290488/bin_collection
The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.
We found a malicious backdoor in versions 0.1 of this project, and its malicious backdoor is the request package. Even if the request package was removed by pypi, many mirror sites did not completely delete this package, so it could still be installed.When using pip install bin-collection -i http://pypi.doubanio.com/simple --trusted-host pypi.doubanio.com, the request malicious plugin can be successfully installed.
Repair suggestion: delete version 0.1 in PyPI, replace request with requests
Your project url: https://pypi.org/project/bin-collection/