A vulnerability in the GitHub Actions workflow for PyPI’s source repository could be exploited to perform a malicious pull request and eventually execute arbitrary code on pypi.org, according to a warning from a Japanese security researcher.
Support the originator by clicking the read the rest link below.