层叠 - The Cascading
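Some versions of Ultralytics contain a crypto miner; the affected versions have now been yanked.
- Ultralytics is a (self-described) state-of-the-art model offering vision recognition and related features.
- The affected versions are 8.3.41/42/45/46.
- The attacker appears to have crafted a branch name to execute arbitrary code in CI triggered by pull_request_target, and obtained sensitive information such as the PyPI token. [1]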
https://github.com/ultralytics/ultralytics/issues/18027
1. blog.yossarian.net/~
#Ultralytics #CI #Security
GitHub
Discrepancy between what's in GitHub and what's been published to PyPI for v8.3.41 · Issue #18027 · ultralytics/ultralytics
Bug Code in the published wheel 8.3.41 is not what's in GitHub and appears to invoke mining. Users of ultralytics who install 8.3.41 will unknowingly execute an xmrig miner. Examining the file ...
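The bug class the post describes, a pull-request branch name expanded inside a `run:` script of a `pull_request_target` workflow, can be checked for mechanically. The scanner below is an added example, not code from the post or from the ultralytics project; the sample workflows are constructed, and the list of untrusted contexts and the indentation-based parsing are assumptions of this sketch.

```python
import re

# Pull-request fields an outside contributor controls (branch name, title, body).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.head_ref|github\.event\.pull_request\."
    r"(?:head\.ref|head\.label|title|body))\s*\}\}")
RUN_KEY = re.compile(r"^\s*(?:-\s+)?(run):")

def find_injectable_steps(workflow_text):
    """Return (line_no, context) for untrusted expressions expanded inside run: scripts
    of a workflow that triggers on pull_request_target. Heuristic, indentation-based."""
    lines = workflow_text.splitlines()
    if not any("pull_request_target" in l.split("#")[0] for l in lines):
        return []
    findings, run_col = [], None
    for no, line in enumerate(lines, 1):
        indent = len(line) - len(line.lstrip())
        if run_col is not None and line.strip() and indent <= run_col:
            run_col = None                      # dedent: the run: block has ended
        m = RUN_KEY.match(line)
        if m:
            run_col = m.start(1)                # column of the run: key
        if run_col is not None:                 # inside a script: expression is spliced
            findings += [(no, ctx) for ctx in UNTRUSTED.findall(line)]
    return findings

# Constructed sample workflows (not taken from the ultralytics repository).
HEADER = """\
on:
  pull_request_target:
jobs:
  format:
    runs-on: ubuntu-latest
    steps:
"""
VULNERABLE = HEADER + """\
      - name: Push formatting fixes
        run: |
          git push origin HEAD:${{ github.head_ref }}
"""
HARDENED = HEADER + """\
      - name: Push formatting fixes
        env:
          HEAD_REF: ${{ github.head_ref }}   # passed as data, not spliced into the script
        run: |
          git push origin "HEAD:$HEAD_REF"
"""

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, find_injectable_steps(wf))
```

The hardened form passes the branch name through an environment variable, so the shell receives it as a quoted value instead of as part of the script text.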