Apache Cordova App Harness Targeted in Dependency Confusion Attack

Researchers have discovered a vulnerability related to dependency confusion that affects the Cordova App Harness, an Apache project that has been archived.

Dependency confusion attacks are possible because package managers scan public repositories before private registries. A threat actor can therefore publish a malicious package to a public package repository under the same name as a private one.

As a result, the package manager unintentionally downloads the malicious package from the public repository rather than the intended one from the private repository. If the attack succeeds, the repercussions can be dire, including the malicious software being deployed to every downstream consumer.
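One way to check for the mix-up described above is the following added example, which is not code from the article or from the Cordova project. It assumes an npm project with a `package-lock.json` (lockfileVersion 2 or 3); the registry host `npm.internal.example`, the `@acme` scope and the name `acme-build-utils` are hypothetical placeholders for an organisation's own values.

```javascript
// Added example: audit an npm package-lock.json (lockfileVersion 2 or 3) for
// internal package names that were resolved from outside the private registry.
// PRIVATE_REGISTRY_HOST, INTERNAL_SCOPES and INTERNAL_NAMES are assumptions.
const PRIVATE_REGISTRY_HOST = "npm.internal.example";
const INTERNAL_SCOPES = ["@acme"];
const INTERNAL_NAMES = ["acme-build-utils"];

// Lockfile keys look like "node_modules/a/node_modules/@scope/b"; the package
// name is whatever follows the last "node_modules/" segment.
function packageNameFromKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

function isInternal(name) {
  if (INTERNAL_NAMES.includes(name)) return true;
  return INTERNAL_SCOPES.some((scope) => name.startsWith(scope + "/"));
}

// Returns one finding per internal package whose tarball did not come from
// the private registry host (or whose source cannot be determined).
function auditLockfile(lock) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromKey(key);
    if (!name || !isInternal(name) || entry.link) continue;
    let host = null; // stays null when "resolved" is missing or not a URL
    try { host = new URL(entry.resolved).hostname; } catch {}
    if (host !== PRIVATE_REGISTRY_HOST) {
      findings.push({ name, version: entry.version, resolvedHost: host });
    }
  }
  return findings;
}

// Constructed sample lockfile fragment (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@acme/auth": { version: "2.1.0", resolved: "https://npm.internal.example/@acme/auth/-/auth-2.1.0.tgz" },
    "node_modules/acme-build-utils": { version: "99.0.0", resolved: "https://registry.npmjs.org/acme-build-utils/-/acme-build-utils-99.0.0.tgz" },
    "node_modules/left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz" },
  },
};

console.log(auditLockfile(sampleLock));
```

Run in CI against the committed lockfile, a non-empty result means an internal name was fetched from a registry other than the private one and the build should fail.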
