Dependency confusion is “a software supply chain exploit that takes advantage of a quirk in certain package managers to inject unwanted (and potentially malicious) code,” says FOSSA.
This article explores several aspects of dependency confusion, including how attackers identify packages in private registries and how you can prevent attacks.
Read more at FOSSA.