Warning: JavaScript registry npm vulnerable to 'manifest confusion' abuse

by
from The Register on (#6CHDC)
Story ImageFailure to match metadata with packaged files is perfect for supply chain attacks

The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity for the installation and execution of malicious files....

External Content
Source RSS or Atom Feed
Feed Location http://www.theregister.co.uk/headlines.atom
Feed Title The Register
Feed Link https://www.theregister.com/
Feed Copyright Copyright © 2024, Situation Publishing
Reply 0 comments