The PyPI repository added a 'leaderboard-parser' package to its security namespace, which may allow malicious actors to exploit namespace reservation for supply chain attacks. Developers or organizations relying on PyPI for Python package management are affected, as this could enable dependency confusion or typosquatting attacks against their projects.
leaderboard-parser added to PyPI