GuardDog, a CLI tool for identifying malicious PyPI packages, contains an output sanitization flaw in versions 2.6.0 through 2.9.0. The tool includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. This allows a malicious package to inject ANSI or OSC escape sequences into analyst terminals or CI [truncated]
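The flaw above is the classic one for any scanner that prints data taken from the thing it scans: a filename or code snippet is passed to the terminal verbatim, so an ESC byte inside it is interpreted rather than displayed. The following added example (not GuardDog's code; `render_finding_unsafe`, `render_finding_safe` and the constructed `MALICIOUS_NAME` are hypothetical) shows the injection with an OSC 8 hyperlink plus a screen-clearing CSI sequence, and a hardened renderer that escapes every C0/C1 control character to its visible `\xNN` form. Escaping ESC alone is enough to defuse ANSI and OSC sequences, since none can start without it; the remaining controls (CR, C1 bytes) are escaped because they can rewrite or restart a line on some terminals. Unicode bidi overrides and zero-width characters are a separate concern not handled here.

```python
"""Added example, not GuardDog's code: neutralising terminal control
characters in attacker-controlled strings before printing them."""
import re

# All C0 controls (0x00-0x1f), DEL, and the C1 range 0x80-0x9f, which an
# 8-bit-clean terminal treats as CSI/OSC/etc. without a leading ESC.
_CONTROL_ALL = re.compile(r"[\x00-\x1f\x7f-\x9f]")
# Same set minus LF, for multi-line fields such as code snippets where line
# breaks are meaningful. CR (0x0d) is still escaped: it lets an attacker
# overwrite the beginning of the current line.
_CONTROL_KEEP_NL = re.compile(r"[\x00-\x09\x0b-\x1f\x7f-\x9f]")


def escape_control(s: str, keep_newlines: bool = False) -> str:
    """Replace each control character with its visible \\xNN spelling.

    The bytes stay in the output for the analyst to see, but the terminal
    never receives a raw ESC, so no escape sequence can be formed.
    """
    pattern = _CONTROL_KEEP_NL if keep_newlines else _CONTROL_ALL
    return pattern.sub(lambda m: "\\x%02x" % ord(m.group()), s)


def contains_terminal_controls(s: str) -> bool:
    """True if printing s raw would hand control characters to the terminal.
    Useful as an extra finding in its own right: a package whose filenames
    carry ESC bytes is suspicious regardless of its content."""
    return _CONTROL_ALL.search(s) is not None


def render_finding_unsafe(rule: str, path: str, message: str) -> str:
    """Hypothetical vulnerable renderer: attacker-controlled path and message
    are interpolated directly into the line written to the terminal."""
    return f"{rule}: {path}: {message}"


def render_finding_safe(rule: str, path: str, message: str) -> str:
    """Hardened renderer: only the tool-controlled rule name is trusted;
    every field that originates in the scanned package is escaped."""
    return f"{rule}: {escape_control(path)}: {escape_control(message)}"


# Constructed sample, not from any real package: an OSC 8 hyperlink that
# shows "setup.py" but points at an attacker URL, followed by a CSI
# sequence that clears the screen and homes the cursor so earlier findings
# scroll out of view.
MALICIOUS_NAME = (
    "\x1b]8;;http://attacker.invalid/payload\x07setup.py\x1b]8;;\x07"
    "\x1b[2J\x1b[H"
)

if __name__ == "__main__":
    # repr() so the demonstration itself does not inject into your terminal.
    print("unsafe:", repr(render_finding_unsafe("exec-base64", MALICIOUS_NAME, "eval() of decoded blob")))
    print("safe:  ", render_finding_safe("exec-base64", MALICIOUS_NAME, "eval() of decoded blob"))
    print("flagged:", contains_terminal_controls(MALICIOUS_NAME))
```

The same treatment belongs on every sink, not only the default human-readable report: log files viewed with `cat`, CI job output, and any message copied into a ticket are all terminals or terminal-adjacent.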
GuardDog, a CLI tool for identifying malicious PyPI packages, contains a critical vulnerability in its programmatic remote project scanning functionality from versions 1.0.0 to 2.9.0. The flaw stems from improper handling of attacker-controlled repository URLs through blind string replacement, combined with the transmission of the caller's GitHub credentials alongside the modified request. This enables Se [truncated]
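The second flaw combines two independent mistakes: deriving the request target from a caller-supplied URL with `str.replace`, which silently passes through any input that does not contain the expected substring, and attaching the caller's GitHub credentials to whatever URL results. The following added example (not GuardDog's code; `api_url_blind`, `api_url_validated`, `plan_request_*` and the input URLs are hypothetical) reproduces the pattern against constructed inputs and shows the fix: parse the URL, accept only `https` with host `github.com`, extract exactly an owner and repository, and rebuild the API URL from those validated components so the token can only ever travel to `api.github.com`.

```python
"""Added example, not GuardDog's code: blind string replacement on a
caller-controlled repository URL versus parse-and-validate."""
import re
from urllib.parse import urlsplit

GITHUB_API = "https://api.github.com"
_NAME_OK = re.compile(r"^[A-Za-z0-9_.-]+$")  # GitHub owner/repo charset


def api_url_blind(repo_url: str) -> str:
    """Hypothetical vulnerable builder: assumes the input begins with the
    github.com prefix and rewrites it with str.replace. Inputs that lack the
    substring, or carry it somewhere other than the front, pass through with
    their own host intact."""
    return repo_url.replace("https://github.com/", GITHUB_API + "/repos/")


def api_url_validated(repo_url: str) -> str:
    """Hardened builder: validate the parsed components, then construct the
    API URL from them rather than from the caller's string."""
    parts = urlsplit(repo_url)
    # hostname, not netloc: "https://github.com@attacker.invalid/" has a
    # netloc starting with github.com but a hostname of attacker.invalid.
    if parts.scheme != "https" or parts.hostname != "github.com":
        raise ValueError(f"not a github.com repository URL: {repo_url!r}")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2:  # this example accepts only /owner/repo
        raise ValueError(f"expected /owner/repo path: {parts.path!r}")
    owner, repo = segments
    if repo.endswith(".git"):
        repo = repo[:-4]
    if not (_NAME_OK.match(owner) and _NAME_OK.match(repo)) or ".." in (owner, repo):
        raise ValueError("owner or repository name contains disallowed characters")
    return f"{GITHUB_API}/repos/{owner}/{repo}"


def plan_request_blind(repo_url: str, token: str):
    """Vulnerable request plan: the token is attached unconditionally, so it
    goes wherever the rewritten URL happens to point."""
    return api_url_blind(repo_url), {"Authorization": f"token {token}"}


def plan_request_validated(repo_url: str, token: str):
    """Hardened request plan: api_url_validated raises before any request is
    built for a foreign host, so the token never leaves for one."""
    return api_url_validated(repo_url), {"Authorization": f"token {token}"}


def token_destination_blind(repo_url: str, token: str) -> str:
    """Host that would receive the caller's token under the blind rewrite."""
    url, _headers = plan_request_blind(repo_url, token)
    return urlsplit(url).hostname or ""


def rejected_by_validation(repo_url: str) -> bool:
    try:
        api_url_validated(repo_url)
    except ValueError:
        return True
    return False


# Constructed inputs, not taken from any real report.
SAMPLE_URLS = [
    "https://github.com/example-org/example-repo",
    "https://attacker.invalid/https://github.com/example-org/example-repo",
    "https://github.com.attacker.invalid/example-org/example-repo",
    "https://github.com@attacker.invalid/example-org/example-repo",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{url}\n  blind -> token sent to {token_destination_blind(url, 'ghp_example')}"
              f"\n  validated -> {'rejected' if rejected_by_validation(url) else api_url_validated(url)}")
```

Note that the second line of defence is independent of the first: even with a correct URL builder, the code that sends the request should compare the final destination host against an allow-list before adding an `Authorization` header, so that a future redirect or a second code path cannot reintroduce the leak.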