{"id":"PYSEC-2022-199","details":"The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code which collected the content of os.environ.items() when instantiating Ctx objects.","aliases":["GSD-2022-1002521"],"modified":"2023-11-08T04:24:37.303329Z","published":"2022-05-24T17:55:00Z","references":[{"type":"ARTICLE","url":"https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html"}],"affected":[{"package":{"name":"ctx","ecosystem":"PyPI","purl":"pkg:pypi/ctx"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.1.2-1"}]}],"versions":["0.1.2-1","0.1.2-2","0.1.4","0.2","0.2.1","0.2.2","0.2.2.1","0.2.3","0.2.4","0.2.5","0.2.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ctx/PYSEC-2022-199.yaml"}}],"schema_version":"1.7.3"}