Multiple Security Flaws found in Popular Software Package Managers

12 Mar 2022

News Synopsis

Multiple security flaws have been revealed in some of the most popular software package managers. If left unaddressed, they could be used to run arbitrary code and to retrieve crucial and sensitive information, such as source code and access tokens, from compromised machines. It is noteworthy, however, that these flaws require the targeted developers to handle a malicious package in conjunction with one of the affected package managers. SonarSource researcher Paul Gerste said: "This means that an attack cannot be launched directly against a developer machine from remote and requires that the developer is tricked into loading malformed files. But can you always know and trust the owners of all packages that you use from the internet or company-internal repositories?"

These newly discovered issues in package managers can be used as a medium to attack systems by executing malicious code. Mr. Gerste said: "Developers are an attractive target for cybercriminals because they have access to the core intellectual property assets of a company: source code. Compromising them allows attackers to conduct espionage or to embed malicious code into a company's products. This could even be used to pull off supply chain attacks."
