Apache Cordova App Harness Targeted in Dependency Confusion Attack

Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness.
Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious package with the same name to a public package repository.
This&

actor apache app attack attacks called check dependency dependency confusion dependency confusion attacks fact harness malicious managers name package package managers private project public repositories researchers threat threat actor vulnerability