Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cx00901104-3e66 @ Npm-momnet-2.29.1 #80

Open
gvocstr opened this issue May 9, 2022 · 0 comments
Open

Cx00901104-3e66 @ Npm-momnet-2.29.1 #80

gvocstr opened this issue May 9, 2022 · 0 comments

Comments

@gvocstr
Copy link
Owner

gvocstr commented May 9, 2022

Vulnerable Package issue exists @ Npm-momnet-2.29.1 in branch main

This package name is similar to other popular package "moment"

About

Typosquatting attacks relies on user type errors being inputted into installation commands or manifest files.

For example, let's take the popular npm package moment which has tens of millions of weekly downloads.

A user would like use this package and assisting the npm install command like so:

npm install moment

However, sometimes users tend to do accidentally typos, so another user would write:

npm install momnet

In this case, if a package exists under the Typosquatting name, it will be fetched and used.

infographic

Attackers find this method effective and usually tend to copy the original functionality and metadata to avoid detection. Typosquatting is one way to mislead developers to download the wrong package and usually includes with a malicious payloads.

Namespace: gvocstr
Repository: ast-advanced-lab
Repository Url: https://github.com/gvocstr/ast-advanced-lab
CxAST-Project: gvocstr/ast-advanced-lab
CxAST platform scan: 2a525e57-0ef3-4b26-9f0e-6090ac931cbe
Branch: main
Application: ast-advanced-lab
Severity: HIGH
State: NOT_IGNORED
Status: NEW
CWE: Typosquatting


Addition Info

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant