I'm a Cyber Security researcher developing PackjGuard [1]. Our tool has detected a deleted dependency vulnerability in this repository.
The package qiskit-quantinuum-provider mentioned in file README at line 14 does not exist on the public PyPI registry. A bad actor can hijack this package to propagate malicious code.
Not only are your apps/services vulnerable to this attack, but users of your open-source GitHub repo are also vulnerable to this attack.
Please highlight this in file README and register a placeholder package for qiskit-quantinuum-provider on public PyPI soon to remediate.
Thanks!
[1] PackjGuard is a GitHub app that monitors repos for malicious/vulnerable dependencies and mitigates attacks by creating pull requests for automatic remediation https://github.com/marketplace/packjguard
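A maintainer can reproduce this kind of check locally. The following is an added example, not PackjGuard's code and not part of the original issue: it pulls package names out of `pip install` commands in a README, normalizes them per PEP 503, and asks the PyPI JSON API whether each name is registered. The regex-based extraction, the function names and the sample README are assumptions made for illustration.

```python
import re
import urllib.error
import urllib.request

PIP_CMD = re.compile(r"\bpip3?\s+install\s+([^`\n]+)")
NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")
# pip options that consume the following token (a file, path or URL, not a package)
ARG_OPTS = {"-r", "-c", "-e", "-i", "-f", "--requirement", "--constraint",
            "--editable", "--index-url", "--extra-index-url", "--find-links"}

def normalize(name):
    """PEP 503 normalization: the form in which the index compares names."""
    return re.sub(r"[-_.]+", "-", name).lower()

def install_targets(readme_text):
    """Yield (line_number, name) for each package named in a pip install command."""
    for lineno, line in enumerate(readme_text.splitlines(), start=1):
        match = PIP_CMD.search(line)
        skip_next = False
        for tok in (match.group(1).split() if match else []):
            if skip_next:
                skip_next = False
            elif tok in ARG_OPTS:
                skip_next = True
            elif not tok.startswith(("-", ".")) and "/" not in tok:
                found = NAME.match(tok.strip("'\""))
                if found:
                    yield lineno, normalize(found.group(0))

def exists_on_pypi(name):
    """True if pypi.org serves metadata for the project; HTTP 404 means unregistered."""
    try:
        with urllib.request.urlopen(f"https://pypi.org/pypi/{name}/json", timeout=10):
            return True
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise

def unregistered(readme_text, exists=exists_on_pypi):
    """Return the (line_number, name) pairs whose name the registry does not know."""
    return [(n, pkg) for n, pkg in install_targets(readme_text) if not exists(pkg)]

# Constructed README excerpt (not the repository's actual file)
SAMPLE_README = (
    "# Example project\n\n    pip install -U qiskit[visualization]>=0.40\n\n"
    "Add the provider with `pip install qiskit-quantinuum-provider` first.\n"
    "Then: pip install -r requirements.txt Qiskit_Aer\n"
)
```

Calling `unregistered(text)` without the `exists` argument queries pypi.org for each name; passing a callable keeps the check offline, for example in CI against a cached list of known projects.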