mistralai
PyPI: Compromised (1 report)
Attack type: Malicious version
Reports
Malicious version | Versions: = 2.4.6 | 11d ago by isitcompromised.com
Malicious dropper in mistralai 2.4.6 PyPI package

The `mistralai` PyPI package version `2.4.6` contains a malicious dropper that executes on import on Linux. No `v2.4.6` tag, commit, or release workflow run exists in this repository, the legitimate latest version before the upload was `2.4.5`, and the upload bypassed this repository's normal release pipeline (which uses PyPI Trusted Publishing). The `mistralai` PyPI project is currently quarantined.

## Affected

- `mistralai==2.4.6` on PyPI. Versions `2.4.5` and earlier are not known to be a