Navigation
Recherche
|
Open source package entry points could be used for command jacking
lundi 14 octobre 2024, 17:48 , par InfoWorld
Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, plant malware, and more.
This warning to developers and infosec leaders comes in a report released today by researchers at Checkmarx. They dub the techniques “command jacking,” because attackers can use entry points to run specific commands impersonating popular third-party tools and system commands. But attackers could also leverage malicious plugins and extensions.
https://www.csoonline.com/article/3560931/open-source-package-entry-points-could-be-used-for-command...
Voir aussi |
56 sources (32 en français)
Date Actuelle
ven. 15 nov. - 23:39 CET
|