Datadog Security Labs identifies a compromised Python package related to FastAPI that allows remote attackers to execute arbitrary Python code and SQL queries in the context of the web application

Thursday, November 24, 2022 • 6:40 EST

On November 23, 2022, the Datadog Security Labs team identified a utility Python package on PyPI related to FastAPI, , that has likely been compromised by a malicious actor. We identified it using GuardDog, our recently released free and open-source tool that uses heuristics to flag malicious or compromised PyPI packages. We promptly reported the malicious package to the PyPI team to ensure it gets taken down, and reported the malicious commit to GitHub.

The attacker inserted a backdoor in the package by adding a FastAPI route that lets a remote attacker execute arbitrary Python code and SQL queries in the context of the web application. FastAPI is a highly popular Python web framework with over 50,000 GitHub stars, used by large corporations such as Microsoft, Uber, and Netflix. The full source code of the malicious package is available in our GitHub repository.
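As an added illustration of the kind of heuristic that catches this backdoor shape (example code written for this page, not GuardDog's own), the following walks a module's AST and reports FastAPI route handlers that hand data to exec/eval or to a raw SQL execute call; the sample module it scans is constructed, and the decorator and sink names it looks for are the example's own assumptions.

```python
import ast

# Calls that turn an attacker-supplied string into code or into a SQL statement.
CODE_SINKS = {"exec", "eval"}
SQL_SINKS = {"execute", "executemany", "executescript"}
# Attribute names of FastAPI route decorators: @app.get(...), @router.post(...)
ROUTE_METHODS = {"get", "post", "put", "delete", "patch", "api_route"}


def _is_route_decorator(dec: ast.expr) -> bool:
    """True for decorators of the form @<obj>.<http_method>(...)."""
    func = dec.func if isinstance(dec, ast.Call) else dec
    return isinstance(func, ast.Attribute) and func.attr in ROUTE_METHODS


def find_suspicious_routes(source: str) -> list[dict]:
    """One finding per exec/eval or SQL execute call inside a FastAPI route handler."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        if not any(_is_route_decorator(d) for d in node.decorator_list):
            continue
        for call in ast.walk(node):
            if not isinstance(call, ast.Call):
                continue
            # Bare callee name: exec(...) -> "exec", cur.execute(...) -> "execute".
            func = call.func
            name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
            if name in CODE_SINKS:
                findings.append({"route": node.name, "line": call.lineno, "sink": "code-exec"})
            elif name in SQL_SINKS:
                findings.append({"route": node.name, "line": call.lineno, "sink": "sql"})
    return findings


# Constructed sample module: one benign route and one with the backdoor shape.
SAMPLE = '''from fastapi import FastAPI
app = FastAPI()
@app.get("/health")
def health():
    return {"ok": True}
@app.post("/_debug")
def debug(payload: str):
    exec(payload)
    db.execute(payload)
'''

if __name__ == "__main__":
    for finding in find_suspicious_routes(SAMPLE):
        print(finding)
```

A "sql" finding is a triage lead rather than proof, since a parameterized execute call in a route is legitimate; the "code-exec" finding is what should stop a package review cold.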