LebGeeks

A community for technology geeks in Lebanon.

You are not logged in.

#1 February 10

leblinux
Member

[Security] Dependency Confusion brilliant Hack - pip/npm/gems

I came across an interesting security related article and I wanted to share it with you.

read and enjoy!

https://medium.com/@alex.birsan/depende … 5d60fec610

Offline

#2 February 14

Padre
Member

Re: [Security] Dependency Confusion brilliant Hack - pip/npm/gems

Oh nice! Well played, well played.
I was under the impression that you have to specify where each "private" repo is, or it wont work. At least that's what we faced with composer.

Offline

#3 February 14

samer
Admin

Re: [Security] Dependency Confusion brilliant Hack - pip/npm/gems

Good to see the researchers got awarded some decent bounties. The damages would have been significant to the companies affected (and plenty of them are).

Offline

Board footer