Advertisement
Top
image credit: Adobe Stock

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

July 5, 2023

Via: The Hacker News
Category:

The npm registry for the Node.js JavaScript runtime environment is susceptible to what’s called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation.

“A npm package’s manifest is published independently from its tarball,” Darcy Clarke, a former GitHub and npm engineering manager, said in a technical write-up published last week. “Manifests are never fully validated against the tarball’s contents.

Read More on The Hacker News

RELATED PUBLICATIONS

North Korean Hackers Hijack Antivirus Updates for Malware Delivery
OpenAI’s GPT-4 can exploit real vulnerabilities by reading security advisories
Dangerous ICS Malware Targets Orgs in Russia and Ukraine

Latest Publications

Global ransomware crisis worsens
UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!