Legacy Python Bootstrap Scripts Enable Domain Takeover Risk in PyPI Packages
Security researchers have identified a vulnerability in legacy Python packages distributed via PyPI, stemming from outdated bootstrap scripts that reference the now-defunct domain python-distribute[.]org. These scripts, associated with the zc.buildout tool, automate the download and installation of dependencies, including the obsolete 'Distribute' package, by fetching installation scripts from the aforementioned domain. Since the domain is currently up for sale and managed for ad revenue, an attacker who acquires it could serve malicious code to any environment executing these legacy bootstrap scripts, potentially compromising the software supply chain.
The affected packages include widely used libraries such as tornado, pypiserver, slapos.core, roman, xlutils, and testfixtures, among others. While the vulnerable code is largely unused in modern development, it may still be present in legacy production environments, posing a latent risk. The issue highlights the ongoing dangers of abandoned infrastructure and the importance of auditing dependencies and installation scripts, especially in open-source ecosystems where legacy code may persist unnoticed.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
ReversingLabs published PoC and affected-package details
As part of the disclosure, ReversingLabs released a proof of concept and shared affected package names and script hashes as indicators to help defenders identify exposure. The researchers noted no known exploitation of this specific issue.
ReversingLabs disclosed PyPI domain-takeover supply chain risk
ReversingLabs researchers identified and publicly disclosed that legacy Python bootstrap scripts could enable a supply chain attack if an attacker acquired `python-distribute.org` and served malicious code to users who manually ran the scripts.
Legacy PyPI packages retained vulnerable bootstrap scripts
Over time, multiple Python packages continued shipping old `distribute_setup.py` or `bootstrap.py` code that fetched and executed content from the abandoned domain, including `slapos.core` and development versions of Tornado.
python-distribute.org domain became available for sale
The `python-distribute.org` domain, still hard-coded in legacy Python bootstrap scripts, has reportedly been available for purchase since 2014, creating the possibility of a future domain-takeover supply chain attack.
Distribute bootstrap script became obsolete after setuptools integration
The legacy `distribute_setup.py` mechanism was rendered obsolete in 2013 after Distribute was merged back into setuptools, but the bootstrap pattern remained embedded in some projects.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Domain takeovers possible with legacy Python bootstrap script flaw
scworld.com
Open sourceLegacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
thehackernews.com
Open sourceBootstrap script exposes PyPI to domain takeover attacks
reversinglabs.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
python.org API flaw exposed Python release metadata to admin-level forgery
The Python Software Foundation disclosed a **critical authentication bypass** in the `python.org` release management API that could have let attackers forge administrator-level requests and modify Python release metadata. The flaw, reported by Splitline Ng of DEVCORE and confirmed by the Python Security Response Team, could have enabled changes to download and verification URLs for official Python installers, creating a path to distribute tampered files through trusted `python.org` infrastructure. The vulnerable logic reportedly dated back to 2014, affecting the release pipeline for more than a decade, but maintainers said post-incident forensics found **no evidence of exploitation**. The PSF patched the issue rapidly, with production fixes deployed within 24 hours and broader remediation completed within 48 hours, while also disabling risky API behavior and tightening release controls. Additional hardening included stricter URL validation, mandatory HTTPS enforcement, negative authentication test coverage, longer log retention, and stronger provenance measures around release artifacts, including emphasis on **Sigstore** alongside existing **PGP** signing. A subsequent Trail of Bits review funded by OpenAI reportedly found no additional authentication or authorization flaws, and the Foundation said the changes were designed to reduce the risk of unauthorized modification of Python downloads distributed via official channels.
Jun 27, 2026
Python Packaging and CPython Flaws Enable Privilege Escalation and Security Bypass
dCERT issued advisories for two Python-related vulnerabilities affecting **Red Hat Enterprise Linux** and **CPython**. One advisory warns that a flaw in `python-wheel` on Red Hat Enterprise Linux can allow **privilege escalation** and **arbitrary code execution**, creating a path for attackers to gain elevated access and run malicious code on affected systems. A second dCERT advisory reports a **CPython** vulnerability that can **bypass security measures**, indicating that protections relying on expected interpreter behavior may be undermined on vulnerable deployments. Together, the advisories highlight risk across both the Python runtime and packaging ecosystem, with potential impact ranging from weakened defensive controls to full code execution on enterprise Linux environments.
May 15, 2026
Software Supply Chain Threats Targeting Open-Source Ecosystems and Developer Tooling
Open-source software supply chain risk continued to escalate, with reporting citing **454,600+** newly identified malicious packages across major repositories (including **PyPI, npm, Maven Central, NuGet, and Hugging Face**) and tactics ranging from **credential theft** to **multi-stage attacks** and even early **self-replicating** package malware. The activity reportedly concentrated heavily in **npm**, including high-volume “ecosystem flooding” (e.g., single accounts publishing **150,000+** malicious packages in days) and **hijacking of trusted projects**, exploiting developer reliance on superficial trust signals such as package names, READMEs, and download counts. Separately, researchers disclosed **“PackageGate”** vulnerabilities in JavaScript package managers (**npm, pnpm, vlt, and Bun**) that can bypass common post-incident defenses—namely `--ignore-scripts` and lockfile integrity—enabling malicious code execution via compromised dependencies. Koi Security reported six issues; **pnpm, vlt, and Bun** shipped fixes, while **npm** reportedly treated the behavior as expected. In parallel, threat actors abused **GitHub’s fork architecture** to distribute a spoofed *GitHub Desktop* installer promoted via search ads; execution deployed **HijackLoader** and established persistence via a **scheduled task**, underscoring that supply chain threats extend beyond package registries into developer tooling distribution channels.
Mar 21, 2026