GitLab: Dependecy Confusion via Lookup Request Forwarding to PyPi.org

Summary pip is probably the most popular Python package manager and can be used to install packages from the publicly available Python Package Index PyPi at pypi.org or form internal package repositories. In the beginning of 2021, a vulnerability type called Dependency Confusion attracted some...