
The developers urge everyone who installed version 0.23.3 to take the following steps immediately:
1. Check your installed version:
pip show elementary-data | grep Version
2. If the version is 0.23.3, uninstall it and replace it with the safe version:
pip uninstall elementary-data
pip install elementary-data==0.23.4
In your requirements and lock files, explicitly pin elementary-data==0.23.4.
3. Clear your cache files so that no artifacts of the compromised release remain.
4. Check for the malware marker file on any machine where the CLI was executed; if the file is present, the payload ran on that machine.
macOS / Linux: /tmp/.trinny-security-update
Windows: %TEMP%\.trinny-security-update
5. Rotate all credentials that could be accessed from the environment where 0.23.3 was run: dbt profiles, vault credentials, cloud provider keys, API tokens, SSH keys, and the contents of any .env files. CI/CD runners are especially exposed because they typically have large sets of secrets mounted at runtime.
6. Contact your security team to look for unauthorized use of the exposed credentials. The relevant IOCs (indicators of compromise) are at the end of this post.
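The six steps above can be run as one triage pass per host. The script below is an added example, not code from the advisory or from the elementary-data project: the package name, the compromised and safe versions and the marker paths are taken from the advisory, while the function names, the mapping of %TEMP% to $TEMP for Windows shells, and the list of candidate secret files are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or the elementary-data project):
# triage one host for the elementary-data 0.23.3 incident. Package name,
# versions and marker paths come from the advisory; everything else here
# (function names, $TEMP mapping, secret-file list) is an assumption.

PACKAGE="elementary-data"
AFFECTED_VERSION="0.23.3"
SAFE_VERSION="0.23.4"

# True (exit 0) when the given version string is the compromised release.
is_affected_version() {
    [ "$1" = "$AFFECTED_VERSION" ]
}

# Installed version as reported by pip; prints nothing if not installed.
installed_version() {
    pip show "$PACKAGE" 2>/dev/null | awk -F': ' '/^Version:/ { print $2 }'
}

# Path of the marker file the payload drops. %TEMP% is mapped to $TEMP for
# Windows shells (MSYS, Cygwin, Git Bash); that mapping is an assumption.
marker_path() {
    case "$(uname -s 2>/dev/null)" in
        MINGW*|MSYS*|CYGWIN*) printf '%s\n' "${TEMP:-/tmp}/.trinny-security-update" ;;
        *)                    printf '%s\n' "/tmp/.trinny-security-update" ;;
    esac
}

# True when the marker exists, i.e. the payload executed on this machine.
marker_present() {
    [ -e "$1" ]
}

# Rewrite any elementary-data requirement line in the file given as $1 to an
# exact pin on the safe version; all other lines pass through unchanged.
pin_safe_version() {
    sed -E "s/^${PACKAGE}([[:space:]]*(==|>=|<=|~=|!=|>|<)[[:space:]]*[^[:space:];#]+)?/${PACKAGE}==${SAFE_VERSION}/" "$1"
}

# Files a payload running as this user could have read. Every one that exists
# is printed so its contents go on the rotation list. The locations are an
# assumption based on common defaults, not taken from the advisory.
exposed_secret_files() {
    for f in "$HOME/.dbt/profiles.yml" "$HOME/.aws/credentials" \
             "$HOME/.config/gcloud/application_default_credentials.json" \
             "$HOME/.ssh/id_rsa" "$HOME/.ssh/id_ed25519" "$PWD/.env"; do
        [ -e "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Run every check and report. Returns 1 if anything needs action, 0 otherwise.
# Nothing is modified: uninstalling, pinning and rotation stay manual steps.
triage() {
    needs_action=0
    ver="$(installed_version)"
    if is_affected_version "$ver"; then
        echo "ACTION: $PACKAGE $ver installed; run: pip uninstall $PACKAGE && pip install $PACKAGE==$SAFE_VERSION"
        needs_action=1
    fi
    marker="$(marker_path)"
    if marker_present "$marker"; then
        echo "ACTION: marker $marker present; the payload ran here. Rotate every credential reachable from this host, including:"
        exposed_secret_files | sed 's/^/    /'
        needs_action=1
    fi
    if [ "$needs_action" -eq 0 ]; then
        echo "no sign of $PACKAGE $AFFECTED_VERSION on this host"
    fi
    return "$needs_action"
}

triage
```

Run it on every workstation and CI runner where the CLI could have executed; it only reports, so the uninstall, the pin and the credential rotation remain deliberate manual steps. To repin a requirements file, call pin_safe_version on it and redirect the output to a new file, then diff the two before committing.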
Over the past decade, supply chain attacks against open source repositories have become increasingly common. In some cases they have produced a cascade of compromises: the malicious package compromises the users who install it, and their compromised environments are then used to breach others in turn.
HD Moore, a hacker with more than four decades of experience and founder and CEO of runZero, said user-developed repository workflows, such as GitHub Actions, are known to harbor vulnerabilities.
It’s “a major problem for open source projects with open repositories,” he said. “It’s really hard not to accidentally create dangerous workflows that can be exploited by an attacker’s pull request.”
He said this package can be used to check for such vulnerabilities.