New Timing Attack Against NPM Registry API Could Expose Private Packages
“By creating a list of possible package names, threat actors can detect organizations’ scoped private packages and then masquerade public packages, tricking employees and users into downloading them,”
https://thehackernews.com/2022/10/new-timing-attack-against-npm-registry.html