@justin.monster
Reposted
(someone used a carefully crafted branch name to inject a crypto miner into a popular Python package: github.com/ultralytics/...)
Discrepancy between what's in GitHub and what's been published to PyPI for v8.3.41 · Issue #18027 · ultralytics/ultralytics
Bug Code in the published wheel 8.3.41 is not what's in GitHub and appears to invoke mining. Users of ultralytics who install 8.3.41 will unknowingly execute an xmrig miner. Examining the file util...
github.com
December 6, 2024 at 3:28 AM
(someone used a carefully crafted branch name to inject a crypto miner into a popular Python package: github.com/ultralytics/...)