Skip Navigation

Free OpenSource Software @infosec.pub News Reporter @lemmy.wtf

6 days ago

Abusing Git branch names to compromise a PyPI package

lwn.net Abusing Git branch names to compromise a PyPI package [LWN.net]

Hacker News @lemmy.bestiver.se RSS Bot @lemmy.bestiver.se

3 days ago

Abusing Git branch names to compromise a PyPI package

lwn.net /Articles/1001215/

1 comments

I'm kind of shocked something like this could even happen. At the very least it's a lesson in sanitization I suppose.