Vulnerable API Exposes Private npm Packages
eSecurityPlanet www.esecurityplanet.com
Aqua Nautilus security researchers have revealed that threat actors could perform a timing attack on npm’s API to uncover private packages. The timing attack on the JavaScript package manager can work even if npm returns a 404 error to unauthorized or unauthenticated users who try to request the following endpoint (generic pattern): https://registry.npmjs.org/@/ A malicious […]
The post Vulnerable API Exposes Private npm Packages appeared first on eSecurityPlanet.