Dependency confusion vulnerability impacts archived Apache project

24 April 2024

Threat actors could potentially launch a software supply chain attack by exploiting a dependency confusion flaw impacting the archived Apache Cordova App Harness project, which was discontinued five years ago, reports The Hacker News. Legit Security researchers discovered that such a vulnerability could be leveraged to facilitate the uploading of a malicious version of the software using the same name that would then be fetched by NPM and with the sample already downloaded more than 100 times, significant risk is likely.

Source: SC Magazine

Date:

24 April 2024

Categorie(s):

NEWS

Tag(s):

Apache, Dependency, IT, Network Security, News

These top cybersecurity firms are vital defenders against evolving digital threats in 20246 May 2024
Celebrating our 12th Anniversary at RSA conference 20245 May 2024
Offensive Awakening: The 2024 Shift from Defensive to Proactive Security5 May 2024
End-to-end encryption may be the bane of cops, but they can’t close that Pandora’s Box5 May 2024
Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks5 May 2024