VDB
EN

MAL-2026-10753

Malicious code in a3s-code (PyPI)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (6062cbfbdc0c31c48564e4ec850d2ce71996d6cf12373c775aed5560c88e5434) On first `import a3s_code`, top-level `__init__.py` invokes `_bootstrap.ensure_native_loaded()`, which performs an HTTP GET to `https://github.com/A3S-Lab/Code/releases/download/...`, writes `_native.<abi>.so|.pyd|.dylib` under `~/.cache/a3s-code/<version>/`, and loads it via `importlib.machinery.ExtensionFileLoader` — executing native code fetched at import time and bypassing pip build isolation. Package metadata (README.md, PKG-INFO, pyproject.toml `[project.urls]` Homepage) consistently declares the project as `github.com/AI45Lab/Code`, but the hard-coded fetch base URL in `_bootstrap.py` is `github.com/A3S-Lab/Code` — a visually similar but distinct GitHub organization. Hash verification is same-origin (manifest is served from the same base URL) and is silently skipped when the manifest fetch fails, providing no integrity guarantee against the fetched org. The bytes an installer actually executes come from an organization the documentation does not point to, so review of the documented repo does not correspond to what runs on the installer's machine.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / a3s-code

No fixed version published yet for a3s-code (pip). Pin to a known-safe version or switch to an alternative.

참고