Arbitrary code execution is possible with build hooks offered by modern Python package installers when building modern PEP-518 pyproject.toml projects....
Build requirements in Python source distributions allow attackers to execute arbitrary code in an isolated build environment that is automatically deleted after use....