CVE-2020-5252: Reliance on Untrusted Inputs in a Security Decision
The safety package for Python has a potential security issue. Two characteristics of Python allow malicious code to poison-pill the command-line Safety package's detection routines by disguising, or obfuscating, other malicious or insecure packages. This vulnerability is considered low severity because the attack relies on an existing Python condition rather than on the Safety tool itself.
Detect and mitigate CVE-2020-5252 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.