Index Vulnerability: Unchecked File Deletion

Improper checking of ACLs would have allowed any authenticated user to delete any release file hosted on the Package Index by supplying its md5 to the :files action in the pypi-legacy code base.

  • Disclosure date: 2017-10-12 (Reported via security policy on
  • Disclosed by: Max Justicz

Fixed In

  • PyPI “Legacy Codebase” (2017-10-12) fixed by commit 18200fa (2017-10-12)


After mitigating the attack vector and deploying it, the responding Package Index maintainer worked to verify that no release files had been improperly removed using this exploit.

The Package Index maintains an audit log in the form of a “Journal” for all actions initiated. It was determined that exploitation of this attack vector would still remove files via the existing interface an audit log would still be written.

Using this information, we were able to reconstruct the users with access to legitimately remove release files at point in time of each file removal using the audit log.

The output of this script were used to determine that no malicious actors exploited this vulnerability. All flagged journal entries were related to one of the following scenarios:

  • Username updates that were not properly updated in the Journal
  • Administrator intervention to remove packages


Timeline using the disclosure date 2017-10-12 as reference:

  • 2017-10-12: Issue reported by Max Justicz following guidelines in security policy on
  • 2017-10-12 (+0days): Report investigated by Ernest W. Durbin III and determined to be exploitable
  • 2017-10-12 (+0days): Fix implemented and deployed in commit 18200fa
  • 2017-10-12 (+0days): The audit journals maintained by PyPI were used to reconstruct the full history of file removals to determine that no malicious deletions were performed.