Attackers exploited a vulnerability in a GitHub Actions workflow of Ultralytics, a Python library used for computer vision tasks such as object detection and image segmentation. After gaining access to the repository, they made unauthorized changes and published new versions of Ultralytics on PyPI that carried cryptocurrency-mining malware. The Ultralytics package has been downloaded from PyPI more than 6.4 million times in the past month.
The repository compromise was made possible by a vulnerability in the Ultralytics-Actions package, which automates repository tasks through GitHub's Actions mechanism when specific events occur. In the Ultralytics project, a workflow named format.yml was triggered by the pull_request_target event to handle incoming pull requests. Unlike plain pull_request, a pull_request_target workflow runs in the context of the base repository, with its secrets and a write-capable token, even for pull requests from forks. This workflow executed shell code defined in the run section of the action's action.yml, and that code allowed attacker-controlled values to be substituted into the script before the shell interpreted it.
Because the pull request branch name was interpolated into the script without sanitization, anyone who could open a pull request could choose a branch name containing shell metacharacters and have the appended commands run with the workflow's privileges. The Ultralytics-Actions package had previously been patched for a similar injection involving untrusted values passed to an echo command in its GitHub Actions steps. The attackers used this vulnerability to run code of their choosing inside the Ultralytics repository's workflow, which gave them the access needed to tamper with the project.
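The mechanism behind this class of bug is that a GitHub Actions expression such as `${{ github.head_ref }}` inside a `run:` step is substituted as text into the script before the shell parses it, so a branch name like `fix-typo"; <commands>; echo "` closes the quoted string and appends commands. The hardened pattern is to pass the value through the environment (`env: HEAD_REF: ${{ github.head_ref }}` and `run: echo "$HEAD_REF"`), where the shell never treats it as code. The script below is an added example written for this article, not code from Ultralytics or from the ultralytics/actions project; it simulates both patterns locally with a constructed, hypothetical branch name whose payload only creates a marker file.

```shell
#!/bin/sh
# Simulates how a GitHub Actions `run:` step handles `${{ github.head_ref }}`:
# the expression is pasted into the script as text BEFORE the shell parses it.
# Added example; the branch name and marker path are constructed for the demo.

MARKER="${TMPDIR:-/tmp}/gha_injection_demo.$$"

# Hypothetical attacker-controlled branch name. The payload is benign here:
# it only creates $MARKER so we can observe whether injection happened.
EVIL_BRANCH="fix-typo\"; touch '$MARKER'; echo \""

# Helper: report whether the payload ran, then clean up.
_check_marker() {
    if [ -f "$MARKER" ]; then
        rm -f "$MARKER"
        echo injected
    else
        echo clean
    fi
}

# Vulnerable pattern. This is what the runner effectively produces from
#   run: echo "Branch: ${{ github.head_ref }}"
# The branch name becomes part of the program text handed to sh.
run_unsafe() {
    branch="$1"
    script="echo \"Branch: ${branch}\""
    sh -c "$script" >/dev/null 2>&1
    _check_marker
}

# Hardened pattern. This models
#   env:
#     HEAD_REF: ${{ github.head_ref }}
#   run: echo "Branch: $HEAD_REF"
# The value reaches the shell only as an environment variable, so quotes and
# semicolons in it are data, not code.
run_safe() {
    HEAD_REF="$1" sh -c 'echo "Branch: $HEAD_REF"' >/dev/null 2>&1
    _check_marker
}

# Stand-alone demonstration (prints "injected" then "clean").
echo "template expansion: $(run_unsafe "$EVIL_BRANCH")"
echo "environment variable: $(run_safe "$EVIL_BRANCH")"
```

The same reasoning applies to any other attacker-influenced field interpolated into `run:` steps, such as PR titles, commit messages or issue bodies; the environment-variable form neutralises all of them. For `pull_request_target` workflows the additional check a reviewer should make is whether the job also checks out the PR head (`ref: ${{ github.event.pull_request.head.sha }}`) and then runs anything from it, since that hands the fork's code the same privileged context.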