antilles_tools is vulnerable to remote code execution. During installation, a dependency confusion occurs because a package listed in requirements.txt does not exist in the public package index (PyPI), allowing the private package dependency to be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPI.
CPE

Name | Operator | Version |
---|---|---|
antilles-tools | eq | 1.0.0 |
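
An added example (not code from this advisory or from the antilles-tools project): an audit that lists the names in a requirements.txt that the public index does not have, which is the condition the description above attributes the issue to. The sample file, the stand-in index set and the function names are constructed for illustration; `on_pypi` assumes the `https://pypi.org/simple/<name>/` project page answers 404 for an unregistered name.

```python
import re
import urllib.error
import urllib.request

# Constructed sample; "requests" stands in for an ordinary public dependency.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
--index-url https://pypi.org/simple
requests>=2.0
antilles_tools==1.0.0
Antilles-Tools  # same project after normalization
git+https://example.invalid/repo.git#egg=vendored
"""

def normalize(name):
    """PEP 503 normalization: antilles_tools and antilles-tools are one project."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_names(text):
    """Return normalized project names from requirements.txt content, in order."""
    names = []
    for raw in text.splitlines():
        line = raw.split(" #")[0].strip()  # drop trailing inline comments
        # Skip blanks, comments, pip options and direct URL/VCS references.
        if not line or line.startswith(("#", "-")) or "://" in line:
            continue
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match and normalize(match.group()) not in names:
            names.append(normalize(match.group()))
    return names

def on_pypi(name):
    """True if pypi.org serves a project page for this name (network call)."""
    try:
        with urllib.request.urlopen(f"https://pypi.org/simple/{name}/", timeout=10):
            return True
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise

def unclaimed_names(text, exists=on_pypi):
    """Names the public index does not have, i.e. registrable by anyone."""
    return [n for n in requirement_names(text) if not exists(n)]

if __name__ == "__main__":
    public = {"requests"}  # constructed stand-in for the index, keeps the demo offline
    print(unclaimed_names(SAMPLE_REQUIREMENTS, exists=lambda n: n in public))
```

Any name this reports should either be resolved only from the private index or pinned with hashes, so that a same-named public upload cannot be selected at install time.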