Arbitrary code execution when activating a virtual environment after installing a wheel

Project description

venvasion

Arbitrary code execution when activating a virtual environment after installing a wheel.

This package exists to demonstrate that you should never build a virtual environment or install packages from untrusted sources: you don't even need to run a Python interpreter to trigger the code execution.

Usage:

uv venv test-venv
. test-venv/bin/activate
uv pip install --no-build venvasion
. test-venv/bin/activate # oops!
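
A pre-install check, added here as an example and not part of the venvasion project: it lists entries in a wheel's `.data/scripts/` and `.data/data/bin/` trees whose names match venv activation scripts. The page does not state the mechanism, so this assumes the package reaches `activate` through those wheel install paths; the activation-name list, function names and sample wheel are constructed for illustration.

```python
import io
import posixpath
import zipfile

# Activation script names from venv/virtualenv/uv (assumed list; extend as needed).
ACTIVATION_NAMES = {
    "activate", "activate.csh", "activate.fish", "activate.nu",
    "activate.bat", "activate.ps1", "activate_this.py",
}
SCRIPT_DIRS = {"bin", "scripts"}  # POSIX and Windows script directories


def activation_overwrites(wheel_file):
    """Return wheel entries that would install over a venv activation script."""
    hits = []
    with zipfile.ZipFile(wheel_file) as zf:
        for name in zf.namelist():
            if name.endswith("/"):
                continue  # directory entry
            parts = posixpath.normpath(name).split("/")
            # Only <dist>-<version>.data/<scheme>/... is mapped to install paths.
            if len(parts) < 3 or not parts[0].endswith(".data"):
                continue
            scheme, rest = parts[1], parts[2:]
            if rest[-1].lower() not in ACTIVATION_NAMES:
                continue
            in_scripts = scheme == "scripts" and len(rest) == 1
            in_data_bin = (scheme == "data" and len(rest) == 2
                           and rest[0].lower() in SCRIPT_DIRS)
            if in_scripts or in_data_bin:
                hits.append(name)
    return hits


def build_sample_wheel(extra_paths):
    """Build a constructed, in-memory wheel-shaped zip for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo/__init__.py", "")
        zf.writestr("demo-0.0.0.dist-info/METADATA", "Name: demo\nVersion: 0.0.0\n")
        for path in extra_paths:
            zf.writestr(path, "# placeholder\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_wheel(["demo-0.0.0.data/scripts/activate"])
    print(activation_overwrites(sample))
```

Run it against a downloaded `.whl` path before installing; a non-empty result means the wheel should not be installed into a venv you intend to activate.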

Download files

Source Distribution

venvasion-0.1.2.tar.gz (2.0 kB view details)

Uploaded Source

Built Distribution

venvasion-0.1.2-py3-none-any.whl (2.8 kB view details)

Uploaded Python 3

File details

Details for the file venvasion-0.1.2.tar.gz.

File metadata

  • Download URL: venvasion-0.1.2.tar.gz
  • Upload date:
  • Size: 2.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.5.4

File hashes

Hashes for venvasion-0.1.2.tar.gz
Algorithm Hash digest
SHA256 ced9e318fc0fea8723707b2bf9939223725c456cf6be890857d0b8d65578b951
MD5 3b0021b1e8f326ead437a4edd0b0518a
BLAKE2b-256 af4c3ad153204965f7c689510695d8964ab94e83b9c7f1e253f162623620cd6e

File details

Details for the file venvasion-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: venvasion-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 2.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.5.4

File hashes

Hashes for venvasion-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 6e58d3e7dd49ed0fa1287ebc5f01403c943dd7e5aab83b0d7ae5aa7087db5498
MD5 33865c8501f1cbeb6c0d7c76efc95625
BLAKE2b-256 d0bd73847041cb33b71b8f5a4cd60465b71e2daa79675635673b88495ec40579
