Concerning this particular article, perhaps the vulnerability here is not malicious software packages, but the management of these software repos.
Should it be possible to upload a package to a repo with 99% of the same name as one that already exists without some additional checks?
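One shape such an "additional check" could take, as an added example that is not part of the original comment or of any real registry: a pre-publish gate that normalizes the proposed name (case and the `-`, `_`, `.` separators, as Python packaging does) and rejects it when it is within one edit, including a transposition, of a name already in the index. The `EXISTING` list is a constructed sample.

```python
# Constructed sample of names already present in a hypothetical registry.
EXISTING = ["requests", "urllib3", "cryptography", "python-dateutil"]


def normalize(name: str) -> str:
    """Canonicalize a package name: lowercase and fold '-', '_' and '.' into '-'."""
    return "".join("-" if ch in "-_." else ch for ch in name.lower())


def osa_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: Levenshtein plus adjacent transposition.

    A swapped pair of letters ("reqeusts" vs "requests") costs 1, not 2, which is
    what makes typo-style name collisions visible at a threshold of 1.
    """
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution / match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def near_collisions(candidate: str, existing, max_distance: int = 1) -> list:
    """Existing names the candidate is too close to; an empty list means publish is OK.

    Distance 0 after normalization is an outright duplicate (e.g. 'python_dateutil'
    vs 'python-dateutil'); 1 is a one-typo lookalike. For very short names a
    threshold of 1 is aggressive, so a registry would scale it with name length.
    """
    cand = normalize(candidate)
    return [name for name in existing if osa_distance(cand, normalize(name)) <= max_distance]


if __name__ == "__main__":
    for proposed in ["reqeusts", "python_dateutil", "cryptograhpy", "numpy"]:
        hits = near_collisions(proposed, EXISTING)
        print(f"{proposed!r}: {'REJECT, collides with ' + str(hits) if hits else 'ok'}")
```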