The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability.
The official 'mitmproxy' Python library is a free and open-source interactive HTTPS proxy with over 40,000 weekly downloads.
Copycat package could trick devs into falling for 'newer' version
Yesterday, Maximilian Hils, who is one of the developers behind the 'mitmproxy' Python library drew everyone's attention towards a counterfeit 'mitmproxy2' package uploaded to PyPI.
'mitmproxy2' is essentially "the same as regular mitmproxy but with an artificial RCE vulnerability included."
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
