by cookiengineer
242 days ago
This attack surface has been essentially unfixed for almost a year now. Remember the Python packages that got pwned with a malicious branch name that contained Shellshock-like code? Yeah, that incident. I blogged about all vulnerable variables at the time and how the attack works from a pentesting perspective [1].

[1] https://cookie.engineer/weblog/articles/malware-insights-git...