GammaGrove


A GitHub token leak could have put the entire Python language at risk




What if the Python programming language itself was malicious? It would be the most devastating supply chain attack in human history – but it almost happened after an important GitHub token was accidentally leaked. 

Cybersecurity researchers from JFrog recently discovered, in a public Docker container hosted on Docker Hub, a GitHub Personal Access Token that granted elevated access to the GitHub repositories of the Python language, the Python Package Index (PyPI), and the Python Software Foundation (PSF).


