Cxa45b0853-bee2 @ Npm-momnet-2.29.1 #1
This was referenced Sep 5, 2023
Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about Cxa45b0853-bee2
Checkmarx Project: AaronZhouYu/TotallySecureApp
Repository URL: https://github.com/AaronZhouYu/TotallySecureApp
Branch: main
Scan ID: d9fa6dd5-d23b-4436-b75a-41a016305f39
This package name is similar to that of another popular package, "moment".
About
Typosquatting attacks rely on users typing errors into installation commands or manifest files.
For example, take the popular npm package moment, which has tens of millions of weekly downloads.
A user who wants this package assembles the
npm install
command like so:
However, users sometimes make typos, so another user would write:
In this case, if a package exists under the typosquatted name, it will be fetched and used.
Attackers find this method effective and usually copy the original package's functionality and metadata to avoid detection. Typosquatting is one way to mislead developers into downloading the wrong package, and the lookalike package usually carries a malicious payload.
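As an added example (not part of the Checkmarx alert or the TotallySecureApp project's code), the following Node.js script flags manifest dependencies whose names sit one edit away from an assumed allowlist of popular packages; the allowlist and the sample manifest are constructed for illustration, and the edit distance counts an adjacent-character swap such as "momnet" for "moment" as a single edit.

```javascript
// Added example: detect lookalike dependency names in a package manifest.
// POPULAR_PACKAGES is an assumed allowlist, not data from the alert.
const POPULAR_PACKAGES = ["moment", "express", "lodash", "react", "axios"];

// Damerau-Levenshtein (optimal string alignment) distance: insert, delete,
// substitute and adjacent transposition each cost 1, so "momnet" -> "moment" is 1.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      // adjacent characters swapped, e.g. "ne" vs "en"
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns [{ name, lookalike, distance }] for every dependency that is not
// itself on the allowlist but is within maxDistance edits of an allowlisted name.
function findTyposquatCandidates(dependencies, popular = POPULAR_PACKAGES, maxDistance = 1) {
  const findings = [];
  for (const name of Object.keys(dependencies)) {
    if (popular.includes(name)) continue; // exact match: this is the real package
    for (const lookalike of popular) {
      const distance = editDistance(name, lookalike);
      if (distance <= maxDistance) findings.push({ name, lookalike, distance });
    }
  }
  return findings;
}

// Constructed manifest: "momnet" mirrors the package this issue is about.
const SAMPLE_MANIFEST = {
  dependencies: { momnet: "2.29.1", lodash: "4.17.21", expres: "4.18.2" },
};

const sampleFindings = findTyposquatCandidates(SAMPLE_MANIFEST.dependencies);
console.log(sampleFindings); // two hits: momnet -> moment, expres -> express
```

Run it before `npm install` in CI to fail the build on any hit; names that legitimately differ by one character from a popular package must be added to the allowlist explicitly.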
Additional Info