
26 matches found

CNNVD
added 2026/04/20 12:0 a.m. | 4 views

python-dotenv security vulnerability

python-dotenv is a Python environment management tool developed by Saurabh Kumar. Versions of python-dotenv prior to 1.2.2 contain security vulnerabilities. These vulnerabilities stem from defects in how the set_key and unset_key functions handle symbolic links, which could allo...

6.6 CVSS | 7.3 AI score | 0.00004 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/20 12:0 a.m. | 3 views

PT-2026-33800

Summary: set_key and unset_key in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Details: The rewrite context manager in dotenv/main.py is used by both set...

6.6 CVSS | 5.8 AI score | 0.00004 EPSS
Exploits: 1 | References: 8
OSSF Malicious Packages
added 2025/10/08 12:37 a.m. | 4 views

Malicious code in python-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6bf133022adafc8949f152dac2e99730580ca64a570cf0aeae36b7f81f3c1db9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
Snyk
added 2025/10/08 12:37 a.m. | 4 views

Malicious Package

Overview: python-dotenv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2
EUVD
added 2025/10/08 12:37 a.m. | 2 views

EUVD-2025-32984

Malicious code in python-dotenv npm...

6.6 AI score
Exploits: 0 | References: 1
OSV
added 2025/10/08 12:37 a.m. | 2 views

MAL-2025-48037 Malicious code in python-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6bf133022adafc8949f152dac2e99730580ca64a570cf0aeae36b7f81f3c1db9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1