1. Gateway Framework Auto-Installs Unsigned Python Packages, Raising Critical Supply Chain Risk
A critical supply chain vulnerability has been identified in a gateway framework that automatically installs missing Python packages without verification. The flaw, documented in a security disclosure, stems from code that attempts to install dependencies like flask, requests, and flask-cors via subprocess on import if...
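An added example, not code from the disclosure or the framework: a static check that flags pip install commands launched through subprocess or os.system, and reports whether each one runs at import time inside an ImportError handler, which is the pattern described above. The sample source and all function names are constructed for illustration.

```python
import ast

# Constructed sample of the install-on-import pattern (not the framework's code).
SAMPLE = '''
import subprocess, sys
for pkg in ("flask", "requests", "flask_cors"):
    try:
        __import__(pkg)
    except ImportError:
        subprocess.check_call([sys.executable, "-m", "pip", "install", pkg])

def repair_env():
    subprocess.run(["pip", "install", "-r", "requirements.txt"])
'''

RUNNERS = {("subprocess", a) for a in ("run", "call", "check_call", "check_output", "Popen")}
RUNNERS.add(("os", "system"))

def _is_pip_install(call):
    """True for subprocess.*/os.system calls whose literal arguments spell 'pip install'."""
    f = call.func
    if not (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)):
        return False
    if (f.value.id, f.attr) not in RUNNERS:
        return False
    words = " ".join(n.value for n in ast.walk(call)
                     if isinstance(n, ast.Constant) and isinstance(n.value, str)).split()
    return "install" in words and any(w in ("pip", "pip3") for w in words)

def _catches_import_error(handler):
    if handler.type is None:          # bare except also swallows ImportError
        return True
    names = {n.id for n in ast.walk(handler.type) if isinstance(n, ast.Name)}
    return bool(names & {"ImportError", "ModuleNotFoundError", "Exception"})

def find_auto_installs(source):
    """Return one finding per pip-install call, with the context it runs in."""
    findings = []
    def visit(node, in_func, in_handler):
        for child in ast.iter_child_nodes(node):
            f = in_func or isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda))
            h = in_handler or (isinstance(child, ast.ExceptHandler) and _catches_import_error(child))
            if isinstance(child, ast.Call) and _is_pip_install(child):
                findings.append({"line": child.lineno, "runs_on_import": not f,
                                 "in_import_error_handler": h})
            visit(child, f, h)
    visit(ast.parse(source), False, False)
    return findings

if __name__ == "__main__":
    for finding in find_auto_installs(SAMPLE):
        print(finding)
```

A finding with runs_on_import set means merely importing the module can fetch and execute unverified package code; the check only sees literal command strings, so commands assembled at runtime need manual review.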