package-dependencies-check
package-dependencies-check
Package dependencies with variant versions may lead to dependency hijack and confusion attacks. Better to specify an exact version or use package-lock.json for a specific version of the package.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-427: Uncontrolled Search Path Element
OWASP:
- A
- 0
- 5
- :
- 2
- 0
- 2
- 1
-
- -
-
- S
- e
- c
- u
- r
- i
- t
- y
-
- M
- i
- s
- c
- o
- n
- f
- i
- g
- u
- r
- a
- t
- i
- o
- n
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-427: Uncontrolled Search Path Element
OWASP:
- A
- 0
- 5
- :
- 2
- 0
- 2
- 1
-
- -
-
- S
- e
- c
- u
- r
- i
- t
- y
-
- M
- i
- s
- c
- o
- n
- f
- i
- g
- u
- r
- a
- t
- i
- o
- n