We’ve disclosed 3445 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the ngx-bootstrap package.
pino-logging is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
nvidia-pytriton is PyTriton, a Flask/FastAPI-like interface that simplifies Triton's deployment in Python environments.
Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the logging extension. An attacker can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
This vulnerability is only exploitable when using the default Triton Server binary bundled in /pytriton/tritonserver/bin/tritonserver.
It is possible to update the Triton Server binary to a patched version independently of PyTriton; see Building binaries from source.
Affected versions of this package are vulnerable to Trusting HTTP Permission Methods on the Server Side via the /management/commands endpoint. An attacker can trick the user into clicking a specially crafted link, potentially leading to code execution on the target page, theft of session information, and account takeover.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.