Navigation
Search
|
Open source package entry points could be used for command jacking
Monday October 14, 2024. 05:48 PM , from InfoWorld
Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, plant malware, and more.
This warning to developers and infosec leaders comes in a report released today by researchers at Checkmarx. They dub the techniques “command jacking,” because attackers can use entry points to run specific commands impersonating popular third-party tools and system commands. But attackers could also leverage malicious plugins and extensions.
https://www.csoonline.com/article/3560931/open-source-package-entry-points-could-be-used-for-command...
Related News |
25 sources
Current Date
Dec, Wed 18 - 14:43 CET
|