Skip to content

Dependency confusion supply-chain vulnerability detected #6657

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ashishbijlani opened this issue Aug 8, 2023 · 1 comment
Closed

Dependency confusion supply-chain vulnerability detected #6657

ashishbijlani opened this issue Aug 8, 2023 · 1 comment
Assignees
@wawltor
Labels
others unknown issue type triage

Comments

@ashishbijlani
Copy link

问题描述

Hi,

I'm a Cybersecurity researcher developing PackjGuard [1]. Our tool has detected a dependency confusion vulnerability in this repository. In order for me to disclose it, kindly enable GitHub Private vulnerability reporting, which allows security research to responsibly disclose a security vulnerability.

Thanks!

PackjGuard is a Github app that monitors repos for malicious, vulnerable, abandoned, and other "risky" dependencies and mitigates attacks by creating pull requests for automatic remediation https://github.com/marketplace/packjguard
@ashishbijlani ashishbijlani added the others unknown issue type label Aug 8, 2023
@github-actions github-actions bot added the triage label Aug 8, 2023
@w5688414
Copy link
Contributor

w5688414 commented May 7, 2024

Thank you for your advice, We need to have a discussion on it!

@paddle-bot paddle-bot bot closed this as completed May 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wawltor wawltor

Labels
others unknown issue type triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ashishbijlani @w5688414 @wawltor