Hyperledger: Dependency confusion in https://github.com/hyperledger/aries-mobile-agent-react-native



Hi,

I found a dependency confusion vulnerability in your aries mobile agent. The agent is installed through npm, which then downloads the public packages required by the application. Those dependencies are defined through the package.json file. I found that your agent depends on the package "aries-bifold" that is not currently present in the public repository; an attacker could upload its malicious package and then gain remote code execution on every target installing the agent.

I limited my research to finding the missing package without uploading the "malicious" package on npm because https://github.com/hyperledger/aries-mobile-agent-react-native is not in scope (but is not out-of-scope either), but the methods to exploit this vulnerability are well documented here:

1) https://dhiyaneshgeek.github.io/web/security/2021/09/04/dependency-confusion/

More about this vulnerability from the researcher who discovered it:

2) https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610

Cheers,
r3drush

Impact

Remote code execution to clients installing the......
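A defender-side audit for the condition the report describes, added here as an example (it is not part of the report or of the project's code). It flags dependencies that npm resolves by name but that are not pinned to an expected registry in the lockfile. The function names, the `INTERNAL_NAMES` and `ALLOWED_REGISTRIES` lists, and both sample manifests are constructed assumptions.

```javascript
// Added example: audit package.json against package-lock.json (v2/v3 layout).
// INTERNAL_NAMES and ALLOWED_REGISTRIES are assumptions a team sets itself.
const INTERNAL_NAMES = new Set(["aries-bifold"]);
const ALLOWED_REGISTRIES = ["https://registry.npmjs.org/"];

// A spec that names its source (git, URL, local path, workspace) is not looked
// up by name in a registry; a semver range or dist-tag is.
function resolvesByName(spec) {
  return !/^(git\+|git:|github:|https?:|file:|link:|workspace:)/.test(spec);
}

function auditDependencies(pkg, lock) {
  const findings = [];
  const locked = lock.packages || {};
  const deps = Object.assign({}, pkg.devDependencies, pkg.dependencies);
  for (const [name, spec] of Object.entries(deps)) {
    if (!resolvesByName(spec)) continue;
    const entry = locked["node_modules/" + name];
    // An unscoped name the team treats as its own can be registered by anyone.
    if (INTERNAL_NAMES.has(name) && !name.startsWith("@")) {
      findings.push({ name, issue: "internal-name-unscoped" });
    }
    if (!entry || !entry.resolved) {
      findings.push({ name, issue: "not-locked" });
    } else if (!ALLOWED_REGISTRIES.some((r) => entry.resolved.startsWith(r))) {
      findings.push({ name, issue: "unexpected-registry" });
    } else if (!entry.integrity) {
      findings.push({ name, issue: "no-integrity" });
    }
  }
  return findings;
}

// Constructed sample manifests (not the project's real files).
const samplePkg = { dependencies: {
  "aries-bifold": "^1.0.0",
  "react-native": "0.66.4",
  "example-ui-kit": "^2.1.0",
  "example-fork": "git+https://git.example.invalid/team/example-fork.git",
} };
const sampleLock = { packages: {
  "node_modules/react-native": {
    resolved: "https://registry.npmjs.org/react-native/-/react-native-0.66.4.tgz",
    integrity: "sha512-CONSTRUCTED" },
  "node_modules/example-ui-kit": {
    resolved: "https://mirror.example.invalid/example-ui-kit-2.1.0.tgz" },
} };

console.log(auditDependencies(samplePkg, sampleLock));
```

Run in CI against the real manifests, a non-empty result is a reason to move the name under an organization scope mapped to a fixed registry and to commit a lockfile with integrity hashes.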

