TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Lobsters — security tag

Package Manager CWEs

nesbitt.io via untitaker · 2 days ago

ATT&CK techniques detected

2 predictions
T1195.001 Compromise Software Dependencies and Development Tools
81%
“…it's that the maintainer's email domain expired, someone registered it, requested a password reset, and published. This has happened on at least three major registries (the ctx incident is the documented one) and is listed as an open threat in npm's own model. The crede…”
T1190 Exploit Public-Facing Application
53%
“…bug above is worth checking on the server too. The registry is the higher-value target and it processes the same untrusted input. SSRF via repository URLs and webhooks. CWE-918 (Server-Side Request Forgery). The registry fetches a URL the user provided, and that URL points…”
