all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Warning: JavaScript registry npm vulnerable to 'manifest confusion' abuse

Add to bookmarks
June 27, 2023, 8:40 p.m. | Thomas Claburn

The Register - Security www.theregister.com

Failure to match metadata with packaged files is perfect for supply chain attacks

The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity for the installation and execution of malicious files.…

abuse archive attacks data database failure files installation javascript malicious manifest metadata npm npm package opportunity package packages perfect public registry supply supply chain supply chain attacks vulnerable warning

Visit resource

More from www.theregister.com / The Register - Security

Infosec biz boss accused of BS'ing the world about his career, anti-crime product, customers an hour ago | www.theregister.com
boss career ceo crime +10
US charges 16 over 'depraved' grandparent scams 3 hours ago | www.theregister.com
car charges dollars elderly +7
Qantas app glitch sees boarding passes fly to other accounts 5 hours ago | www.theregister.com
accounts airline app breach +10
Open source programming language R patches gnarly arbitrary code exec flaw 19 hours ago | www.theregister.com
ace arbitrary code arbitrary code execution code +10
Cyber-bastard jailed for stealing psychotherapy files, blackmailing patients 21 hours ago | www.theregister.com
crime cyber files nation +9
UnitedHealth CEO: 'Decision to pay ransom was mine' 1 day, 1 hour ago | www.theregister.com
access authentication ceo change +25
NSA employee who tried and failed to spy for Russia gets 262 months in the … 1 day, 3 hours ago | www.theregister.com
docs employee low nsa +8
European Commission starts formal probe of Meta over election misinformation 1 day, 8 hours ago | www.theregister.com
action distribution election elections +14
Apple's 'incredibly private' Safari is not so private in Europe 1 day, 13 hours ago | www.theregister.com
antitrust app apple app stores +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Sr. Cloud Security Engineer

@ BLOCKCHAINS | USA - Remote
View on infosec-jobs.com

Network Security (SDWAN: Velocloud) Infrastructure Lead

@ Sopra Steria | Noida, Uttar Pradesh, India
View on infosec-jobs.com

Senior Python Engineer, Cloud Security

@ Darktrace | Cambridge
View on infosec-jobs.com

Senior Security Consultant

@ Nokia | United States
View on infosec-jobs.com

Manager, Threat Operations

@ Ivanti | United States, Remote
View on infosec-jobs.com

Lead Cybersecurity Architect - Threat Modeling | AWS Cloud Security

@ JPMorgan Chase & Co. | Columbus, OH, United States
View on infosec-jobs.com
View more jobs