Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.
Software supply chain security company ReversingLabs said it found the « vulnerability » in bootstrap files provided by a build and deployment automation tool named « zc.buildout. »
« The
