This repository has been archived by the owner on Dec 29, 2022. It is now read-only.
In this file there is a dependency named "axiom-base" with version 1.0.0.
I searched for this package and there was no such package on npmjs.com.
So I published a package with the same name, "axiom-base", with a higher version, "3.0.0".
We can see it at: https://www.npmjs.com/package/axiom-base
This vulnerability is the famous "Dependency Confusion Attack".
Reference: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
Attack scenario:
If this package had been claimed by an attacker, this would have led to arbitrary code execution on the affected server.
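Added example (not part of the original issue or the repository's code): a defensive audit that flags privately named dependencies such as "axiom-base" when they are unscoped, missing from the lockfile, or resolved from a registry other than the expected one. The internal-name list, the host `npm.internal.example`, the `@acme/logger` and `acme-utils` packages, and the sample manifest and lockfile are constructed assumptions.

```javascript
// Hypothetical configuration: names the organisation treats as private, and its registry host.
const INTERNAL_NAMES = new Set(["axiom-base", "@acme/logger", "acme-utils"]);
const INTERNAL_REGISTRY_HOST = "npm.internal.example"; // placeholder host

function auditDependencies(manifest, lock, names = INTERNAL_NAMES, host = INTERNAL_REGISTRY_HOST) {
  const findings = [];
  const declared = { ...manifest.dependencies, ...manifest.devDependencies,
                     ...manifest.optionalDependencies };
  for (const [name, range] of Object.entries(declared)) {
    if (!names.has(name)) continue; // only private names are exposed to confusion
    // An unscoped name can be registered by anyone on the public registry.
    if (!name.startsWith("@")) findings.push({ name, issue: "unscoped-internal-name", detail: range });
    // lockfileVersion 2/3 keys installed packages as "node_modules/<name>".
    const entry = lock && lock.packages ? lock.packages["node_modules/" + name] : undefined;
    if (!entry) { findings.push({ name, issue: "not-locked", detail: range }); continue; }
    let resolvedHost = null;
    try { resolvedHost = new URL(entry.resolved).hostname; } catch { /* missing or malformed URL */ }
    if (resolvedHost !== host) {
      findings.push({ name, issue: "unexpected-registry", detail: String(entry.resolved) });
    }
    if (!entry.integrity) findings.push({ name, issue: "no-integrity-hash", detail: entry.version });
  }
  return findings;
}

// Constructed sample input, not taken from the repository.
const SAMPLE_MANIFEST = {
  dependencies: { "axiom-base": "1.0.0", "express": "^4.18.0",
                  "@acme/logger": "2.1.0", "acme-utils": "^0.4.0" },
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/@acme/logger": {
      version: "2.1.0",
      resolved: "https://npm.internal.example/@acme/logger/-/logger-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/acme-utils": {
      version: "0.4.2",
      resolved: "https://registry.npmjs.org/acme-utils/-/acme-utils-0.4.2.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
  },
};

for (const f of auditDependencies(SAMPLE_MANIFEST, SAMPLE_LOCK)) {
  console.log(`${f.name}: ${f.issue} (${f.detail})`);
}
```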