all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Vulnerable API Exposes Private npm Packages

Add to bookmarks
Oct. 12, 2022, 7:46 p.m. | Julien Maury

eSecurityPlanet www.esecurityplanet.com

Aqua Nautilus security researchers have revealed that threat actors could perform a timing attack on npm’s API to uncover private packages. The timing attack on the JavaScript package manager can work even if npm returns a 404 error to unauthorized or unauthenticated users who try to request the following endpoint (generic pattern): https://registry.npmjs.org/@/ A malicious […]


The post Vulnerable API Exposes Private npm Packages appeared first on eSecurityPlanet.

api application security cloud security cybersecurity devsecops network security npm security threats vulnerable vulnerable api web security

Visit resource

More from www.esecurityplanet.com / eSecurityPlanet

How to Block a Program in a Firewall (Windows & Mac) 5 days, 22 hours ago | www.esecurityplanet.com
act amp block firewall +7
Vulnerability Recap 5/6/24 – Aruba, Dropbox, GitLab Bugs 5 days, 23 hours ago | www.esecurityplanet.com
aruba aruba networks bugs dropbox +10
2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues 1 week, 3 days ago | www.esecurityplanet.com
1password amp cisco cloud security +16
Red Team vs Blue Team vs Purple Team: Differences Explained 1 week, 3 days ago | www.esecurityplanet.com
blue blue team blue teams cloud security +24
How To Set Up DMZ on Servers: 7-Step DMZ Configuration 1 week, 5 days ago | www.esecurityplanet.com
configuration dmz guide learn +7
How To Set Up a Firewall in 8 Easy Steps + Best Practices 1 week, 5 days ago | www.esecurityplanet.com
act best practices defense easy +7
Wireless Network Security: WEP, WPA, WPA2 & WPA3 Explained 1 week, 5 days ago | www.esecurityplanet.com
amp attacks explained guide +16
Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More 1 week, 5 days ago | www.esecurityplanet.com
alto amp april catch +14
What Is Integrated Risk Management? Definition & Implementation 1 week, 5 days ago | www.esecurityplanet.com
amp cybersecurity definition governance risk and compliance +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Lead Security Engineer

@ JPMorgan Chase & Co. | Tampa, FL, United States
View on infosec-jobs.com

GTI Manager of Cybersecurity Operations

@ Grant Thornton | Tulsa, OK, United States
View on infosec-jobs.com

GCP Incident Response Engineer

@ Publicis Groupe | Dallas, Texas, United States
View on infosec-jobs.com

DevSecOps Engineer - CL - Santiago

@ Globant | Santiago de Chile, Santiago, CL
View on infosec-jobs.com

IT Security Analyst - State Government & Healthcare

@ NTT DATA | Little Rock, AR, US
View on infosec-jobs.com

Exploit Developer

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com
View more jobs