Skip to main content
Package dependencies with variant versions may lead to dependency hijack and confusion attacks. Better to specify an exact version or use package-lock.json for a specific version of the package.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-427: Uncontrolled Search Path Element
OWASP:
- A
- 0
- 5
- :
- 2
- 0
- 2
- 1
-

- -
-

- S
- e
- c
- u
- r
- i
- t
- y
-

- M
- i
- s
- c
- o
- n
- f
- i
- g
- u
- r
- a
- t
- i
- o
- n