A GitHub token leak could have put the entire Python language at risk

What if the Python programming language itself were malicious? It would be the most devastating supply chain attack in human history – but it almost happened after an important GitHub token was accidentally leaked.

Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF).
