yaracroft
Suivre

Bundler is still vulnerable to dependency confusion attacks

Bundler is vulnerable to dependency confusion attacks if you have any implicit private dependencies, and has been since version 1.16.0, released in October 2017. The latest version at the time of writing, 2.2.17, is still vulnerable. There are some mitigations available.

zofrex.com/blog/2021/04/29/bun

· · 0 · 0 · 0
Inscrivez-vous pour prendre part à la conversation
nanao

Comme le soleil, les machines ne se couchent jamais.

Ressources

Développeurs

Qu’est-ce que Mastodon ?

nanao.cybtex.fr

Davantage…