You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Package managers often display traction statistics per code package based on it's related GitHub repository. This statistics helps developers to evaluate code packages.
The statistics displayed by the package managers do not go through any validation process. It can easily be falsified to mislead developers because of how this information is acquired.
As part of the package metadata analysis capabilities Checkmarx has, StarJacking engine verifies the authenticity of such Git repository references and in case it's a false reference, this risk is shown
Vulnerable Package issue exists @ Npm-momnet-2.29.1 in branch main
There is a weak link between the package's listed metadata and the referenced Git repository "https://github.com/moment/moment"
About
Package managers often display traction statistics per code package based on it's related GitHub repository. This statistics helps developers to evaluate code packages.
The statistics displayed by the package managers do not go through any validation process. It can easily be falsified to mislead developers because of how this information is acquired.
As part of the package metadata analysis capabilities Checkmarx has, StarJacking engine verifies the authenticity of such Git repository references and in case it's a false reference, this risk is shown
Namespace: dorohayon
Repository: cxone-advanced-lab
Repository Url: https://github.com/dorohayon/cxone-advanced-lab
CxAST-Project: dorohayon/cxone-advanced-lab
CxAST platform scan: 1f20cfdb-755f-4c85-8955-8edd4bc0421c
Branch: main
Application: cxone-advanced-lab
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: StarJacking
Additional Info
The text was updated successfully, but these errors were encountered: