
MAL-2026-4745

Malicious code in clearml-truen-patch (PyPI)

Details


## Source: amazon-inspector (868fbff2db730a4a67f808b6c9bd35aa78392be592adb2d66d6be659772610f6)

This package is published as `clearml-truen-patch`, but its PKG-INFO/setup.py declare Author=`ClearML`, Author-email=`support@clear.ml`, and Home-page=`https://github.com/clearml/clearml`, falsely presenting it as a first-party release of the legitimate ClearML SDK. The actual modifications are by an unrelated third party (Korean-language `# truen patch:` comments in datasets/dataset.py:3588).

At install time, setup.py's PostInstall hook calls `_apply_overlay()`, which invokes `clearml_truen_patch._install.run(force=True)`. That function locates the on-disk `clearml/` directory of the legitimate `clearml` package in site-packages and uses `shutil.copy2` to copy this package's files (including backend_api/session.py, task.py, model.py, storage/helper.py) over clearml's installed files. After install, `import clearml` resolves to the third-party author's code instead of upstream ClearML.

The package additionally ships `clearml_truen_patch.pth`, which is auto-loaded by site.py at every Python interpreter startup and runs `import clearml_truen_patch._autoapply`. That module calls `_install.run(force=True)` whenever `needs_apply()` detects that clearml's files differ from this package's source fingerprint, so any attempt by the user to reinstall or repair `clearml` to restore upstream code is silently reverted on the next Python invocation.

The combination of a falsified publisher identity, an install-time overwrite of another publisher's installed package, and a self-healing `.pth` persistence mechanism gives the third-party author durable control over the `clearml` import surface on every installer's machine. Even if the current overlay diff is benign, any future release can trojan a widely used ML SDK with no further consent from installers.
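Two of the mechanisms above leave checkable traces in site-packages: a `.pth` file whose lines begin with `import` (which site.py executes at startup), and installed files of the `clearml` distribution whose contents no longer match the hashes in its wheel `RECORD`. The following is an added defensive check, not code from the advisory, from ClearML, or from the package in question; it runs against a constructed sandbox directory, and `clearml-0.0.0` is a placeholder version rather than a real release.

```python
import base64, csv, hashlib, os, tempfile

UPSTREAM = b"# upstream clearml task.py (constructed sample content)\n"

def _wheel_digest(data):
    """Hash encoding used in wheel RECORD files: sha256, urlsafe base64, no padding."""
    return "sha256=" + base64.urlsafe_b64encode(hashlib.sha256(data).digest()).rstrip(b"=").decode()

def executable_pth_lines(site_dir):
    """site.py executes every .pth line that starts with 'import ' or 'import<TAB>'; report them."""
    hits = []
    for name in sorted(os.listdir(site_dir)):
        if name.endswith(".pth"):
            with open(os.path.join(site_dir, name), encoding="utf-8", errors="replace") as fh:
                hits += [(name, ln.rstrip("\n")) for ln in fh if ln.startswith(("import ", "import\t"))]
    return hits

def record_mismatches(site_dir, dist_info):
    """Files listed in <dist>.dist-info/RECORD whose on-disk sha256 no longer matches (or are missing)."""
    bad = []
    with open(os.path.join(site_dir, dist_info, "RECORD"), newline="") as fh:
        for rel, digest, _size in csv.reader(fh):
            if not digest:  # RECORD itself and .pyc entries carry no hash
                continue
            path = os.path.join(site_dir, rel)
            if not os.path.isfile(path):
                bad.append(rel)
                continue
            with open(path, "rb") as f:
                if _wheel_digest(f.read()) != digest:
                    bad.append(rel)  # overwritten after install, e.g. by an overlay copy
    return bad

def build_sandbox():
    """Constructed site-packages mimicking the advisory: a hook .pth plus an overlaid clearml file."""
    site_dir = tempfile.mkdtemp()
    os.makedirs(os.path.join(site_dir, "clearml"))
    os.makedirs(os.path.join(site_dir, "clearml-0.0.0.dist-info"))  # placeholder version
    with open(os.path.join(site_dir, "clearml-0.0.0.dist-info", "RECORD"), "w", newline="") as fh:
        csv.writer(fh).writerows([["clearml/task.py", _wheel_digest(UPSTREAM), len(UPSTREAM)],
                                  ["clearml-0.0.0.dist-info/RECORD", "", ""]])
    with open(os.path.join(site_dir, "clearml", "task.py"), "wb") as fh:
        fh.write(b"# truen patch: overlaid copy (constructed)\n")  # what the installer left behind
    with open(os.path.join(site_dir, "clearml_truen_patch.pth"), "w") as fh:
        fh.write("import clearml_truen_patch._autoapply\n")
    return site_dir

if __name__ == "__main__":
    sd = build_sandbox()
    print("executable .pth lines:", executable_pth_lines(sd))
    print("RECORD mismatches in clearml:", record_mismatches(sd, "clearml-0.0.0.dist-info"))
```

On a real interpreter, point both functions at `sysconfig.get_paths()["purelib"]` and the installed `clearml-<version>.dist-info` directory; a non-empty result from either is what a reinstall of `clearml` alone would not clear.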


Affected packages

PyPI / clearml-truen-patch

No fixed version published yet for clearml-truen-patch (pip). Pin to a known-safe version or switch to an alternative.
