{"id":"PYSEC-2024-154","summary":"A number of releases of ultralytics contained malicious crypto miner software.","details":"Ultralytics has identified a supply chain attack\naffecting affecting multiple versions of the ultralytics package.\nThe compromised versions contained unauthorized code that\ndownloaded and executed cryptocurrency mining software\nwhen instantiating YOLO models.\nThis code was injected into the PyPI release artifacts and was not present\nin the public GitHub repository.\n","modified":"2026-02-04T02:49:37.008210Z","published":"2024-12-10T19:43:04.050935Z","related":["GHSA-7x29-qqmq-v6qc"],"references":[{"type":"EVIDENCE","url":"https://inspector.pypi.io/project/ultralytics/8.3.41/packages/d0/99/13d92174aa6a470d348a95e31164769f2cdf77838ea3c3e3fd476285777d/ultralytics-8.3.41-py3-none-any.whl/ultralytics/utils/downloads.py#line.284"},{"type":"WEB","url":"https://github.com/ultralytics/ultralytics/pull/18020#issuecomment-2525180194"},{"type":"REPORT","url":"https://github.com/ultralytics/ultralytics/issues/18027"},{"type":"FIX","url":"https://github.com/ultralytics/ultralytics/pull/18052"},{"type":"FIX","url":"https://github.com/ultralytics/ultralytics/pull/18111"},{"type":"FIX","url":"https://github.com/ultralytics/ultralytics/releases/tag/v8.3.48"},{"type":"ARTICLE","url":"https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection"}],"affected":[{"package":{"name":"ultralytics","ecosystem":"PyPI","purl":"pkg:pypi/ultralytics"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.3.41"},{"fixed":"8.3.47"}]}],"versions":["8.3.41","8.3.42","8.3.45","8.3.46","8.3.43","8.3.44"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ultralytics/PYSEC-2024-154.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}]}