pysec-2025-8
Vulnerability from pysec
Published
Modified
2025-03-17 16:35
Details

The pygments-style-solarized project was removed from PyPI by its owner on 2021-08-26. The GitHub repository was also updated to show unmaintained, and archived on 2025-08-31.

Another user uploaded a new version, 100.10.7, which contains non-working code, with clear language that it intends to be a dependency confusion attack. It also does not contain working hacking code.

The name has been prohibited on from use on PyPI on 2021-12-12.

Impacted products
Name purl
pygments-style-solarized pkg:pypi/pygments-style-solarized


To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pygments-style-solarized",
        "purl": "pkg:pypi/pygments-style-solarized"
      },
      "versions": [
        "100.10.7"
      ]
    }
  ],
  "details": "The `pygments-style-solarized` project was removed from PyPI by its owner on 2021-08-26.\nThe GitHub repository was also updated to show unmaintained, and archived on 2025-08-31.\n\nAnother user uploaded a new version, `100.10.7`, which contains non-working code,\nwith clear language that it intends to be a dependency confusion attack.\nIt also does not contain working hacking code.\n\nThe name has been prohibited on from use on PyPI on 2021-12-12.\n",
  "id": "PYSEC-2025-8",
  "modified": "2025-03-17T16:35:37+00:00",
  "references": [
    {
      "type": "EVIDENCE",
      "url": "https://inspector.pypi.io/project/pygments-style-solarized/100.10.7/packages/f8/de/dc31f9eb4322bbce87fe341f9b4e2fc31587dedc785de629af3e53b1c1f5/pygments-style-solarized-100.10.7.tar.gz/pygments-style-solarized-100.10.7/pygments-style-solarized/pygments-style-solarized.py#line.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shkumagai/pygments-style-solarized/pull/22/files"
    }
  ],
  "summary": "After the owner removed the project from PyPI, another user uploaded a new version with non-working code"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.