Source |
Bleeping Computer |
Identifiant |
8350168 |
Date de publication |
2023-06-28 10:28:35 (vue: 2023-06-28 15:06:46) |
Titre |
L'écosystème du NPM à risque des attaques de «confusion manifeste» NPM ecosystem at risk from “Manifest Confusion” attacks |
Texte |
Le registre NPM (Node Package Manager) souffre d'une laps de sécurité appelée "Manifest Confusion", qui sape la fiabilité des packages et permet aux attaquants de masquer les logiciels malveillants dans les dépendances ou d'effectuer une exécution de script malveillante pendant l'installation.[...]
The NPM (Node Package Manager) registry suffers from a security lapse called "manifest confusion," which undermines the trustworthiness of packages and makes it possible for attackers to hide malware in dependencies or perform malicious script execution during installation. [...] |
Envoyé |
Oui |
Condensat |
attackers attacks called confusion confusion” dependencies during ecosystem execution from hide installation lapse makes malicious malware manager manifest node npm package packages perform possible registry risk script security suffers trustworthiness undermines which “manifest |
Tags |
Malware
|
Stories |
|
Notes |
★★
|
Move |
|