Issue
- A GitHub Personal Access Token has been leaked in a public Docker container hosted on Docker Hub.
- Some malicious packages, such as testbrojct2, proxyfullscraper, proxyalhttp and proxyfullscrapers, operate on files matching extensions such as .py, .php, .zip, .png, .jpg, and .jpeg.
- If Python is used in any of the projects, will the above-mentioned packages be used?
- Does this case impact an e-commerce implementation whose code repository is checked into Git?
Environment
- Liferay Cloud - PaaS
Resolution
- Liferay does not use Python, so the customer environment cannot be impacted by any Python vulnerability or breach.
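For a project that does use Python, one way to check a checked-out Git repository for the package names listed in the Issue section. This is an added example, not Liferay's code; it assumes dependencies are declared in requirements*.txt files, and the function names and the sample manifest are constructed for illustration.

```python
import re
from pathlib import Path

# Package names taken from the Issue section of this page.
FLAGGED = {"testbrojct2", "proxyfullscraper", "proxyalhttp", "proxyfullscrapers"}

def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

FLAGGED_NORMALIZED = {normalize(n) for n in FLAGGED}

# Leading project name of a requirement line, before extras, version or marker.
NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def flagged_in_requirements(text: str) -> list[tuple[int, str]]:
    """Return (line number, name as written) for each flagged requirement."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]  # drop trailing comments
        # Skip blank lines and pip options such as -r, -e, --index-url.
        if not line.strip() or line.lstrip().startswith("-"):
            continue
        m = NAME_RE.match(line)
        if m and normalize(m.group(1)) in FLAGGED_NORMALIZED:
            hits.append((lineno, m.group(1)))
    return hits

def scan_repo(root) -> dict[str, list[tuple[int, str]]]:
    """Scan every requirements*.txt under root; an empty dict means no hit."""
    results = {}
    for path in sorted(Path(root).rglob("requirements*.txt")):
        hits = flagged_in_requirements(path.read_text(errors="replace"))
        if hits:
            results[str(path.relative_to(root))] = hits
    return results

# Constructed sample manifest (not from any real project).
SAMPLE = """\
# constructed example
requests==2.32.3
ProxyFullScraper>=1.0   # flagged: names compare case-insensitively
proxy_alhttp            # different project name after normalization
proxyalhttp[extra]==0.1
-r other.txt
"""

if __name__ == "__main__":
    print(flagged_in_requirements(SAMPLE))
```

A repository with no requirements*.txt files returns an empty result, which only shows that no such manifest declares these packages; other manifest formats are outside what this check reads.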
Additional Information
https://thehackernews.com/2024/07/github-token-leak-exposes-pythons-core.html