3 matches found
Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies
In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a...
GHSA-24M3-W8G9-JWPQ Information disclosure of source code in SimpleSAMLphp
Background The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. Description The che...
simple-npm-registry directory traversal vulnerability
simple-npm-registry is a package that supports distribution of private npm modules. A directory traversal vulnerability exists in simple-npm-registry. An attacker can exploit this vulnerability by placing a '. /' sequence in a URL to gain access to the file system...