Common Weakness Enumeration

CWE-494

Allowed

Download of Code Without Integrity Check

Abstraction: Base · Status: Draft

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

291 vulnerabilities reference this CWE, most recent first.

GHSA-VGJ5-PM4F-Q6GV

Vulnerability from github – Published: 2024-11-12 15:30 – Updated: 2024-11-12 18:30
VLAI
Details

An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-494"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-12T15:15:08Z",
    "severity": "MODERATE"
  },
  "details": "An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.",
  "id": "GHSA-vgj5-pm4f-q6gv",
  "modified": "2024-11-12T18:30:52Z",
  "published": "2024-11-12T15:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33660"
    },
    {
      "type": "WEB",
      "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VQQG-V6V5-GM7X

Vulnerability from github – Published: 2024-04-12 18:33 – Updated: 2024-04-12 18:33
VLAI
Details

IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28878"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-494"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-12T16:15:36Z",
    "severity": "CRITICAL"
  },
  "details": "\nIO-1020 Micro ELD downloads source code or an executable from an \nadjacent location and executes the code without sufficiently verifying \nthe origin or integrity of the code.\n\n",
  "id": "GHSA-vqqg-v6v5-gm7x",
  "modified": "2024-04-12T18:33:26Z",
  "published": "2024-04-12T18:33:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28878"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXFW-7PHG-R3VF

Vulnerability from github – Published: 2023-08-11 09:30 – Updated: 2024-04-04 06:52
VLAI
Details

Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-494",
      "CWE-89",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-11T07:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n",
  "id": "GHSA-vxfw-7phg-r3vf",
  "modified": "2024-04-04T06:52:20Z",
  "published": "2023-08-11T09:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40254"
    },
    {
      "type": "WEB",
      "url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
    },
    {
      "type": "WEB",
      "url": "https://www.genians.co.kr/notice/2023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXX9-QWHQ-HGF4

Vulnerability from github – Published: 2024-03-25 15:30 – Updated: 2024-12-03 18:31
VLAI
Details

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-494"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-25T15:15:52Z",
    "severity": "HIGH"
  },
  "details": "In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.",
  "id": "GHSA-vxx9-qwhq-hgf4",
  "modified": "2024-12-03T18:31:01Z",
  "published": "2024-03-25T15:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30205"
    },
    {
      "type": "WEB",
      "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29\u0026id=2bc865ace050ff118db43f01457f95f95112b877"
    },
    {
      "type": "WEB",
      "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
    },
    {
      "type": "WEB",
      "url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/03/25/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W2VW-XC39-VH5C

Vulnerability from github – Published: 2025-08-20 15:31 – Updated: 2025-11-03 21:34
VLAI
Details

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-31355"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-494"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-20T14:15:43Z",
    "severity": "HIGH"
  },
  "details": "A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.",
  "id": "GHSA-w2vw-xc39-vh5c",
  "modified": "2025-11-03T21:34:22Z",
  "published": "2025-08-20T15:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31355"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2161"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2161"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W466-C33R-3GJP

Vulnerability from github – Published: 2026-06-26 23:34 – Updated: 2026-06-26 23:34
VLAI
Summary
pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes
Details

Maintainer Action Plan

This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path.

  • Advisory: CAND-PNPM-063 / GHSA-w466-c33r-3gjp
  • Advisory URL: https://github.com/pnpm/pnpm/security/advisories/GHSA-w466-c33r-3gjp
  • Shared patch PR: https://github.com/pnpm/pnpm-ghsa-j2hc-m6cf-6jm8/pull/1
  • Shared patch branch: security/ghsa-batch-2026-06-09
  • Patch commit: a93449314f398cf4bdf2e28d033c02d37395ad22
  • Base commit: origin/main 55a4035abf1ae3fe7208ba1f5ef43c5eff58ccec
  • Maintainer priority: start-here
  • Component: pnpm packageManager env lockfile
  • Patch area: package-manager env lockfile is re-resolved through trusted registries before execution
  • Affected packages: npm:pnpm, npm:@pnpm/installing.env-installer
  • CWE IDs: CWE-829, CWE-494, CWE-345
  • Conservative CVSS: 8.8 / CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Next action: review the shared patch branch for this component, set the final affected version range, merge and release the fix, then publish or close the advisory.

Expected Patched Behavior

Committed env-lockfile package-manager entries are force-refreshed through trusted registries before execution; attacker tarball requests and markers stay at zero.

Files And Tests To Review

  • installing/env-installer/src/resolvePackageManagerIntegrities.ts
  • pnpm/src/switchCliVersion.ts
  • pnpm/src/switchCliVersion.test.ts
  • .changeset/clean-package-manager-registries.md

Focused Validation

Run these from a checkout of the shared patch branch. They are the useful maintainer commands with machine-local artifact paths removed.

./node_modules/.bin/tsgo --build installing/env-installer/tsconfig.json
./node_modules/.bin/tsgo --build pnpm/tsconfig.json
PNPM_REGISTRY_MOCK_PORT=7799 NODE_OPTIONS="--experimental-vm-modules --disable-warning=ExperimentalWarning --disable-warning=DEP0169" ../node_modules/.bin/jest src/switchCliVersion.test.ts -t "re-resolved package-manager lockfile" --runInBand
PNPM_REGISTRY_MOCK_PORT=7799 NODE_OPTIONS="--experimental-vm-modules --disable-warning=ExperimentalWarning --disable-warning=DEP0169" ../node_modules/.bin/jest src/switchCliVersion.test.ts src/syncEnvLockfile.test.ts --runInBand
./node_modules/.bin/eslint installing/env-installer/src/resolvePackageManagerIntegrities.ts pnpm/src/switchCliVersion.ts pnpm/src/switchCliVersion.test.ts
git diff --check

The full patched replay for the shared branch passed with all 20 candidates marked fixed. This candidate's replay evidence is results/CAND-PNPM-063-patched-result.json.

Summary

pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained matching pnpm and @pnpm/exe versions. A malicious repository could therefore commit package-manager lockfile package records and snapshots that bypassed fresh package-manager resolution, then cause pnpm to install and execute bytes selected by that committed lockfile state during automatic version switching.

Details

The vulnerable source-to-sink path was:

  • lockfile/fs/src/envLockfile.ts reads the repository's first YAML lockfile document and validates shape only.
  • pnpm/src/main.ts reaches switchCliVersion() when a direct pnpm invocation sees a wanted pnpm package manager with onFail=download.
  • pnpm/src/switchCliVersion.ts reads the committed env lockfile when package-manager metadata should be persisted.
  • installing/env-installer/src/resolvePackageManagerIntegrities.ts treated packageManagerDependencies as resolved when only the pnpm and @pnpm/exe versions matched.
  • engine/pm/commands/src/self-updater/installPnpm.ts converts env-lockfile snapshots and packages into the wanted lockfile used by headlessInstall().
  • pnpm/src/switchCliVersion.ts executes the installed pnpm binary with spawn.sync().

The helper fast path is intentionally still version-based for non-execution callers, so the security boundary is enforced at the execution path: switchCliVersion() now re-resolves already present package-manager env-lockfile entries before they can reach installPnpmToStore() and spawn.sync().

PoC

Standalone PoC and verification script:

The PoC constructs a committed env-lockfile object with matching package-manager dependency versions and attacker-selected package metadata:

{
  "importers": {
    ".": {
      "configDependencies": {},
      "packageManagerDependencies": {
        "@pnpm/exe": { "specifier": "9.3.0", "version": "9.3.0" },
        "pnpm": { "specifier": "9.3.0", "version": "9.3.0" }
      }
    }
  },
  "lockfileVersion": "9.0",
  "packages": {
    "/pnpm@9.3.0": {
      "resolution": {
        "integrity": "sha512-poisoned"
      }
    }
  },
  "snapshots": {
    "/pnpm@9.3.0": {}
  }
}

Pre-patch exploit model:

  1. The victim runs pnpm directly in a malicious repository.
  2. The requested package-manager version differs from the currently running pnpm.
  3. pnpm enters switchCliVersion() and reads the committed env lockfile.
  4. Matching pnpm / @pnpm/exe versions short-circuit package-manager resolution.
  5. pnpm installs from the committed env-lockfile package records and executes the resulting pnpm binary.

Observed primitive proof from the PoC:

{
  "primitive": "unforced resolver reuses already-resolved env lockfile metadata",
  "isResolvedByVersionOnly": true,
  "reusedPoisonedIntegrity": true
}

The same script then runs the patched switchCliVersion regression. The regression seeds a poisoned committed env lockfile, has the resolver return a trusted replacement lockfile, and asserts installPnpmToStore() receives the trusted lockfile rather than the committed one. This would fail on the vulnerable control flow because the resolver was not called and the committed lockfile reached the installer.

Focused validation commands:

./node_modules/.bin/tsgo --build installing/env-installer/tsconfig.json
./node_modules/.bin/tsgo --build pnpm/tsconfig.json
PNPM_REGISTRY_MOCK_PORT=7799 NODE_OPTIONS="--experimental-vm-modules --disable-warning=ExperimentalWarning --disable-warning=DEP0169" ../node_modules/.bin/jest src/switchCliVersion.test.ts -t "re-resolved package-manager lockfile" --runInBand
PNPM_REGISTRY_MOCK_PORT=7799 NODE_OPTIONS="--experimental-vm-modules --disable-warning=ExperimentalWarning --disable-warning=DEP0169" ../node_modules/.bin/jest src/switchCliVersion.test.ts src/syncEnvLockfile.test.ts --runInBand
./node_modules/.bin/eslint installing/env-installer/src/resolvePackageManagerIntegrities.ts pnpm/src/switchCliVersion.ts pnpm/src/switchCliVersion.test.ts
git diff --check

Validation result:

  • The PoC confirmed the unforced resolver still reuses a version-matching env lockfile, proving the original primitive.
  • Patched switchCliVersion() calls resolvePackageManagerIntegrities() with force: true when committed env-lockfile package-manager entries already satisfy the requested version.
  • Patched switchCliVersion() assigns the resolver return value back to envLockfile.
  • The installer receives the refreshed lockfile and not the poisoned committed lockfile.
  • TypeScript builds passed for @pnpm/installing.env-installer and pnpm.
  • The focused Jest regression passed: 1 passed, 1 skipped in switchCliVersion.test.ts.
  • ESLint passed for the affected package-manager switch files.
  • git diff --check passed.

Impact

A malicious repository can cause arbitrary package-manager code execution in the victim's developer or CI environment before normal command handling continues. That code executes with the victim user's privileges and can read local secrets, alter project files, mutate dependency state, or run further commands.

Affected products

Ecosystem: npm

Package name: pnpm, @pnpm/installing.env-installer

Affected versions: current main before this patch; direct pnpm execution with package-manager auto-switching and a repository-controlled env lockfile.

Patched versions: pending release containing this patch.

Severity

Severity: High

Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base score: 8.8

Rationale: the malicious source is repository-controlled package-manager lockfile state delivered through normal supply-chain channels. Exploitation is low complexity once the victim runs pnpm directly, no attacker privileges are required, and user interaction is required. Successful exploitation executes attacker-selected package-manager code in the victim user's security context, with high confidentiality, integrity, and availability impact.

Weaknesses

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CWE-494: Download of Code Without Integrity Check

CWE-345: Insufficient Verification of Data Authenticity

Patch

The patch makes automatic package-manager switching re-resolve repository-provided bootstrap metadata before install and execution:

  • resolvePackageManagerIntegrities() accepts force, which bypasses the version-only fast path.
  • switchCliVersion() creates a store controller even when the committed env lockfile already contains satisfying package-manager dependency versions.
  • switchCliVersion() calls resolvePackageManagerIntegrities() with force: true for already resolved package-manager entries.
  • switchCliVersion() assigns the returned env lockfile back to envLockfile, so installPnpmToStore() installs from freshly resolved metadata.
  • The package-manager bootstrap registry hardening from CAND-PNPM-061 is reused, so the refresh happens through trusted package-manager registries rather than repository workspace registries.

Changed files:

  • installing/env-installer/src/resolvePackageManagerIntegrities.ts
  • pnpm/src/switchCliVersion.ts
  • pnpm/src/switchCliVersion.test.ts

Changeset:

  • .changeset/clean-package-manager-registries.md

Pacquet parity:

No pacquet-side patch is required for this finding because pacquet does not implement pnpm's package-manager auto-switch path or installPnpmToStore().

CVSS Reassessment

Initial CVSS remains correct for vulnerable versions: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H / 8.8 High.

Final CVSS after patch: not vulnerable after patch / 0.0. The PoC still demonstrates the underlying unforced env-lockfile reuse primitive, but the patched execution path force-refreshes package-manager metadata through trusted bootstrap registries before install or execution.

Remaining Risk

The helper resolvePackageManagerIntegrities() still has an unforced fast path that treats matching pnpm and @pnpm/exe versions as resolved. Current execution-sensitive callers either use trusted roots/registries or pass through the patched switchCliVersion() boundary, but future execution paths should use force: true before installing or executing package-manager bytes from repository-provided env-lockfile metadata.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "pnpm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.34.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "pnpm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-55698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345",
      "CWE-494",
      "CWE-829"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-26T23:34:06Z",
    "nvd_published_at": "2026-06-25T18:16:40Z",
    "severity": "HIGH"
  },
  "details": "\u003c!-- maintainer-action:start --\u003e\n## Maintainer Action Plan\n\nThis report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path.\n\n- Advisory: `CAND-PNPM-063` / `GHSA-w466-c33r-3gjp`\n- Advisory URL: https://github.com/pnpm/pnpm/security/advisories/GHSA-w466-c33r-3gjp\n- Shared patch PR: https://github.com/pnpm/pnpm-ghsa-j2hc-m6cf-6jm8/pull/1\n- Shared patch branch: `security/ghsa-batch-2026-06-09`\n- Patch commit: `a93449314f398cf4bdf2e28d033c02d37395ad22`\n- Base commit: `origin/main` `55a4035abf1ae3fe7208ba1f5ef43c5eff58ccec`\n- Maintainer priority: `start-here`\n- Component: `pnpm packageManager env lockfile`\n- Patch area: package-manager env lockfile is re-resolved through trusted registries before execution\n- Affected packages: `npm:pnpm`, `npm:@pnpm/installing.env-installer`\n- CWE IDs: `CWE-829`, `CWE-494`, `CWE-345`\n- Conservative CVSS: `8.8` / `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`\n- Next action: review the shared patch branch for this component, set the final affected version range, merge and release the fix, then publish or close the advisory.\n\n### Expected Patched Behavior\n\nCommitted env-lockfile package-manager entries are force-refreshed through trusted registries before execution; attacker tarball requests and markers stay at zero.\n\n### Files And Tests To Review\n\n- `installing/env-installer/src/resolvePackageManagerIntegrities.ts`\n- `pnpm/src/switchCliVersion.ts`\n- `pnpm/src/switchCliVersion.test.ts`\n- `.changeset/clean-package-manager-registries.md`\n\n### Focused Validation\n\nRun these from a checkout of the shared patch branch. They are the useful maintainer commands with machine-local artifact paths removed.\n\n```bash\n./node_modules/.bin/tsgo --build installing/env-installer/tsconfig.json\n./node_modules/.bin/tsgo --build pnpm/tsconfig.json\nPNPM_REGISTRY_MOCK_PORT=7799 NODE_OPTIONS=\"--experimental-vm-modules --disable-warning=ExperimentalWarning --disable-warning=DEP0169\" ../node_modules/.bin/jest src/switchCliVersion.test.ts -t \"re-resolved package-manager lockfile\" --runInBand\nPNPM_REGISTRY_MOCK_PORT=7799 NODE_OPTIONS=\"--experimental-vm-modules --disable-warning=ExperimentalWarning --disable-warning=DEP0169\" ../node_modules/.bin/jest src/switchCliVersion.test.ts src/syncEnvLockfile.test.ts --runInBand\n./node_modules/.bin/eslint installing/env-installer/src/resolvePackageManagerIntegrities.ts pnpm/src/switchCliVersion.ts pnpm/src/switchCliVersion.test.ts\ngit diff --check\n```\n\nThe full patched replay for the shared branch passed with all 20 candidates marked fixed. This candidate\u0027s replay evidence is `results/CAND-PNPM-063-patched-result.json`.\n\u003c!-- maintainer-action:end --\u003e\n\n### Summary\n\npnpm can persist package-manager bootstrap metadata in the first YAML document of `pnpm-lock.yaml`. Before the patch, direct pnpm execution trusted an already resolved `packageManagerDependencies` entry when the committed env lockfile contained matching `pnpm` and `@pnpm/exe` versions. A malicious repository could therefore commit package-manager lockfile package records and snapshots that bypassed fresh package-manager resolution, then cause pnpm to install and execute bytes selected by that committed lockfile state during automatic version switching.\n\n### Details\n\nThe vulnerable source-to-sink path was:\n\n- `lockfile/fs/src/envLockfile.ts` reads the repository\u0027s first YAML lockfile document and validates shape only.\n- `pnpm/src/main.ts` reaches `switchCliVersion()` when a direct pnpm invocation sees a wanted `pnpm` package manager with `onFail=download`.\n- `pnpm/src/switchCliVersion.ts` reads the committed env lockfile when package-manager metadata should be persisted.\n- `installing/env-installer/src/resolvePackageManagerIntegrities.ts` treated `packageManagerDependencies` as resolved when only the `pnpm` and `@pnpm/exe` versions matched.\n- `engine/pm/commands/src/self-updater/installPnpm.ts` converts env-lockfile `snapshots` and `packages` into the wanted lockfile used by `headlessInstall()`.\n- `pnpm/src/switchCliVersion.ts` executes the installed `pnpm` binary with `spawn.sync()`.\n\nThe helper fast path is intentionally still version-based for non-execution callers, so the security boundary is enforced at the execution path: `switchCliVersion()` now re-resolves already present package-manager env-lockfile entries before they can reach `installPnpmToStore()` and `spawn.sync()`.\n\n### PoC\n\nStandalone PoC and verification script:\n\nThe PoC constructs a committed env-lockfile object with matching package-manager dependency versions and attacker-selected package metadata:\n\n```json\n{\n  \"importers\": {\n    \".\": {\n      \"configDependencies\": {},\n      \"packageManagerDependencies\": {\n        \"@pnpm/exe\": { \"specifier\": \"9.3.0\", \"version\": \"9.3.0\" },\n        \"pnpm\": { \"specifier\": \"9.3.0\", \"version\": \"9.3.0\" }\n      }\n    }\n  },\n  \"lockfileVersion\": \"9.0\",\n  \"packages\": {\n    \"/pnpm@9.3.0\": {\n      \"resolution\": {\n        \"integrity\": \"sha512-poisoned\"\n      }\n    }\n  },\n  \"snapshots\": {\n    \"/pnpm@9.3.0\": {}\n  }\n}\n```\n\nPre-patch exploit model:\n\n1. The victim runs pnpm directly in a malicious repository.\n2. The requested package-manager version differs from the currently running pnpm.\n3. pnpm enters `switchCliVersion()` and reads the committed env lockfile.\n4. Matching `pnpm` / `@pnpm/exe` versions short-circuit package-manager resolution.\n5. pnpm installs from the committed env-lockfile package records and executes the resulting `pnpm` binary.\n\nObserved primitive proof from the PoC:\n\n```json\n{\n  \"primitive\": \"unforced resolver reuses already-resolved env lockfile metadata\",\n  \"isResolvedByVersionOnly\": true,\n  \"reusedPoisonedIntegrity\": true\n}\n```\n\nThe same script then runs the patched `switchCliVersion` regression. The regression seeds a poisoned committed env lockfile, has the resolver return a trusted replacement lockfile, and asserts `installPnpmToStore()` receives the trusted lockfile rather than the committed one. This would fail on the vulnerable control flow because the resolver was not called and the committed lockfile reached the installer.\n\nFocused validation commands:\n\n```bash\n./node_modules/.bin/tsgo --build installing/env-installer/tsconfig.json\n./node_modules/.bin/tsgo --build pnpm/tsconfig.json\nPNPM_REGISTRY_MOCK_PORT=7799 NODE_OPTIONS=\"--experimental-vm-modules --disable-warning=ExperimentalWarning --disable-warning=DEP0169\" ../node_modules/.bin/jest src/switchCliVersion.test.ts -t \"re-resolved package-manager lockfile\" --runInBand\nPNPM_REGISTRY_MOCK_PORT=7799 NODE_OPTIONS=\"--experimental-vm-modules --disable-warning=ExperimentalWarning --disable-warning=DEP0169\" ../node_modules/.bin/jest src/switchCliVersion.test.ts src/syncEnvLockfile.test.ts --runInBand\n./node_modules/.bin/eslint installing/env-installer/src/resolvePackageManagerIntegrities.ts pnpm/src/switchCliVersion.ts pnpm/src/switchCliVersion.test.ts\ngit diff --check\n```\n\nValidation result:\n\n- The PoC confirmed the unforced resolver still reuses a version-matching env lockfile, proving the original primitive.\n- Patched `switchCliVersion()` calls `resolvePackageManagerIntegrities()` with `force: true` when committed env-lockfile package-manager entries already satisfy the requested version.\n- Patched `switchCliVersion()` assigns the resolver return value back to `envLockfile`.\n- The installer receives the refreshed lockfile and not the poisoned committed lockfile.\n- TypeScript builds passed for `@pnpm/installing.env-installer` and `pnpm`.\n- The focused Jest regression passed: 1 passed, 1 skipped in `switchCliVersion.test.ts`.\n- ESLint passed for the affected package-manager switch files.\n- `git diff --check` passed.\n\n### Impact\n\nA malicious repository can cause arbitrary package-manager code execution in the victim\u0027s developer or CI environment before normal command handling continues. That code executes with the victim user\u0027s privileges and can read local secrets, alter project files, mutate dependency state, or run further commands.\n\n## Affected products\n\nEcosystem: npm\n\nPackage name: `pnpm`, `@pnpm/installing.env-installer`\n\nAffected versions: current main before this patch; direct pnpm execution with package-manager auto-switching and a repository-controlled env lockfile.\n\nPatched versions: pending release containing this patch.\n\n## Severity\n\nSeverity: High\n\nVector string: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`\n\nBase score: 8.8\n\nRationale: the malicious source is repository-controlled package-manager lockfile state delivered through normal supply-chain channels. Exploitation is low complexity once the victim runs pnpm directly, no attacker privileges are required, and user interaction is required. Successful exploitation executes attacker-selected package-manager code in the victim user\u0027s security context, with high confidentiality, integrity, and availability impact.\n\n## Weaknesses\n\nCWE-829: Inclusion of Functionality from Untrusted Control Sphere\n\nCWE-494: Download of Code Without Integrity Check\n\nCWE-345: Insufficient Verification of Data Authenticity\n\n## Patch\n\nThe patch makes automatic package-manager switching re-resolve repository-provided bootstrap metadata before install and execution:\n\n- `resolvePackageManagerIntegrities()` accepts `force`, which bypasses the version-only fast path.\n- `switchCliVersion()` creates a store controller even when the committed env lockfile already contains satisfying package-manager dependency versions.\n- `switchCliVersion()` calls `resolvePackageManagerIntegrities()` with `force: true` for already resolved package-manager entries.\n- `switchCliVersion()` assigns the returned env lockfile back to `envLockfile`, so `installPnpmToStore()` installs from freshly resolved metadata.\n- The package-manager bootstrap registry hardening from CAND-PNPM-061 is reused, so the refresh happens through trusted package-manager registries rather than repository workspace registries.\n\nChanged files:\n\n- `installing/env-installer/src/resolvePackageManagerIntegrities.ts`\n- `pnpm/src/switchCliVersion.ts`\n- `pnpm/src/switchCliVersion.test.ts`\n\nChangeset:\n\n- `.changeset/clean-package-manager-registries.md`\n\nPacquet parity:\n\nNo pacquet-side patch is required for this finding because pacquet does not implement pnpm\u0027s package-manager auto-switch path or `installPnpmToStore()`.\n\n## CVSS Reassessment\n\nInitial CVSS remains correct for vulnerable versions: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` / 8.8 High.\n\nFinal CVSS after patch: not vulnerable after patch / 0.0. The PoC still demonstrates the underlying unforced env-lockfile reuse primitive, but the patched execution path force-refreshes package-manager metadata through trusted bootstrap registries before install or execution.\n\n## Remaining Risk\n\nThe helper `resolvePackageManagerIntegrities()` still has an unforced fast path that treats matching `pnpm` and `@pnpm/exe` versions as resolved. Current execution-sensitive callers either use trusted roots/registries or pass through the patched `switchCliVersion()` boundary, but future execution paths should use `force: true` before installing or executing package-manager bytes from repository-provided env-lockfile metadata.",
  "id": "GHSA-w466-c33r-3gjp",
  "modified": "2026-06-26T23:34:06Z",
  "published": "2026-06-26T23:34:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pnpm/pnpm/security/advisories/GHSA-w466-c33r-3gjp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55698"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pnpm/pnpm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes"
}

GHSA-W46C-9JVJ-8R29

Vulnerability from github – Published: 2025-08-08 18:32 – Updated: 2025-08-08 18:32
VLAI
Details

The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center (remote, cloud-connected interface) or via a serial connection, and can install these files without integrity checks. The TTComp archive format used for the firmware is unencrypted and can be unpacked and altered without detection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-494"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-08T17:15:29Z",
    "severity": "HIGH"
  },
  "details": "The affected product allows firmware updates to be downloaded from EG4\u0027s\n website, transferred via USB dongles, or installed through EG4\u0027s \nMonitoring Center (remote, cloud-connected interface) or via a serial \nconnection, and can install these files without integrity checks. The \nTTComp archive format used for the firmware is unencrypted and can be \nunpacked and altered without detection.",
  "id": "GHSA-w46c-9jvj-8r29",
  "modified": "2025-08-08T18:32:22Z",
  "published": "2025-08-08T18:32:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53520"
    },
    {
      "type": "WEB",
      "url": "https://eg4electronics.com/contact"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W7PM-9G55-MXFM

Vulnerability from github – Published: 2026-05-29 22:17 – Updated: 2026-05-29 22:17
VLAI
Summary
stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment
Details

Impact

A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded.

Patches

Patched in 0.9.0a2. Disabling plugin signature enforcement now requires a second explicit acknowledgment value.

Workarounds

Before upgrading, keep plugin signing required in all shared or production environments and ensure plugin directories are not writable by untrusted users.

Upgrade

Upgrade to the patched release:

pip install --upgrade --pre stigmem-node

If developers install through the Stigmem meta-package instead, they should use the matching extra for deployments, for example:

pip install --upgrade --pre 'stigmem[node]'

Resources

  • Release: https://github.com/eidetic-labs/stigmem/releases/tag/v0.9.0a2
  • Changelog: https://github.com/eidetic-labs/stigmem/blob/v0.9.0a2/CHANGELOG.md#L14-L35
  • Security policy and posture: https://github.com/eidetic-labs/stigmem/blob/v0.9.0a2/SECURITY.md
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "stigmem-node"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.0a2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-494"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-29T22:17:21Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nA single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded.\n\n### Patches\nPatched in 0.9.0a2. Disabling plugin signature enforcement now requires a second explicit acknowledgment value.\n\n### Workarounds\nBefore upgrading, keep plugin signing required in all shared or production environments and ensure plugin directories are not writable by untrusted users.\n\n### Upgrade\nUpgrade to the patched release:\n\n```bash\npip install --upgrade --pre stigmem-node\n```\n\nIf developers install through the Stigmem meta-package instead, they should use the matching extra for deployments, for example:\n\n```bash\npip install --upgrade --pre \u0027stigmem[node]\u0027\n```\n\n### Resources\n- Release: https://github.com/eidetic-labs/stigmem/releases/tag/v0.9.0a2\n- Changelog: https://github.com/eidetic-labs/stigmem/blob/v0.9.0a2/CHANGELOG.md#L14-L35\n- Security policy and posture: https://github.com/eidetic-labs/stigmem/blob/v0.9.0a2/SECURITY.md",
  "id": "GHSA-w7pm-9g55-mxfm",
  "modified": "2026-05-29T22:17:21Z",
  "published": "2026-05-29T22:17:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/eidetic-labs/stigmem/security/advisories/GHSA-w7pm-9g55-mxfm"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/eidetic-labs/stigmem"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eidetic-labs/stigmem/blob/v0.9.0a2/CHANGELOG.md#L14-L35"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eidetic-labs/stigmem/blob/v0.9.0a2/SECURITY.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eidetic-labs/stigmem/releases/tag/v0.9.0a2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "stigmem-node\u0027s unsigned plugin override could be enabled without a second explicit acknowledgment"
}

GHSA-WFH4-9JFX-XJHF

Vulnerability from github – Published: 2023-12-14 06:30 – Updated: 2023-12-14 06:30
VLAI
Details

A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5630"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-494"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-14T05:15:13Z",
    "severity": "MODERATE"
  },
  "details": "\n\n\nA CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a\nprivileged user to install an untrusted firmware.\n\n\n\n",
  "id": "GHSA-wfh4-9jfx-xjhf",
  "modified": "2023-12-14T06:30:44Z",
  "published": "2023-12-14T06:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5630"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-346-01.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WG6R-FV2H-H7XM

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2024-09-16 18:31
VLAI
Details

An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3485"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-494"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-24T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.",
  "id": "GHSA-wg6r-fv2h-h7xm",
  "modified": "2024-09-16T18:31:17Z",
  "published": "2022-05-24T19:03:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3485"
    },
    {
      "type": "WEB",
      "url": "https://herolab.usd.de/security-advisories/usd-2021-0014"
    },
    {
      "type": "WEB",
      "url": "https://www.bitdefender.com/support/security-advisories/improper-input-validation-in-bitdefender-endpoint-security-tools-for-linux-va-9769"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-42
Implementation

Perform proper forward and reverse DNS lookups to detect DNS spoofing.

Mitigation
Architecture and Design Operation
  • Encrypt the code with a reliable encryption scheme before transmitting.
  • This will only be a partial solution, since it will not detect DNS spoofing and it will not prevent your code from being modified on the hosting site.
Mitigation MIT-4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
  • Speficially, it may be helpful to use tools or frameworks to perform integrity checking on the transmitted code.
  • When providing the code that is to be downloaded, such as for automatic updates of the software, then use cryptographic signatures for the code and modify the download clients to verify the signatures. Ensure that the implementation does not contain CWE-295, CWE-320, CWE-347, and related weaknesses.
  • Use code signing technologies such as Authenticode. See references [REF-454] [REF-455] [REF-456].
Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

Mitigation MIT-22
Architecture and Design Operation

Strategy: Sandbox or Jail

  • Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.
  • OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.
  • This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.
  • Be careful to avoid CWE-243 and other weaknesses related to jails.
CAPEC-184: Software Integrity Attack

An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target's integrity to achieve an insecure state.

CAPEC-185: Malicious Software Download

An attacker uses deceptive methods to cause a user or an automated process to download and install dangerous code that originates from an attacker controlled source. There are several variations to this strategy of attack.

CAPEC-186: Malicious Software Update

An adversary uses deceptive methods to cause a user or an automated process to download and install dangerous code believed to be a valid update that originates from an adversary controlled source.

CAPEC-187: Malicious Automated Software Update via Redirection

An attacker exploits two layers of weaknesses in server or client software for automated update mechanisms to undermine the integrity of the target code-base. The first weakness involves a failure to properly authenticate a server as a source of update or patch content. This type of weakness typically results from authentication mechanisms which can be defeated, allowing a hostile server to satisfy the criteria that establish a trust relationship. The second weakness is a systemic failure to validate the identity and integrity of code downloaded from a remote location, hence the inability to distinguish malicious code from a legitimate update.

CAPEC-533: Malicious Manual Software Update

An attacker introduces malicious code to the victim's system by altering the payload of a software update, allowing for additional compromise or site disruption at the victim location. These manual, or user-assisted attacks, vary from requiring the user to download and run an executable, to as streamlined as tricking the user to click a URL. Attacks which aim at penetrating a specific network infrastructure often rely upon secondary attack methods to achieve the desired impact. Spamming, for example, is a common method employed as an secondary attack vector. Thus the attacker has in their arsenal a choice of initial attack vectors ranging from traditional SMTP/POP/IMAP spamming and its varieties, to web-application mechanisms which commonly implement both chat and rich HTML messaging within the user interface.

CAPEC-538: Open-Source Library Manipulation

Adversaries implant malicious code in open source software (OSS) libraries to have it widely distributed, as OSS is commonly downloaded by developers and other users to incorporate into software development projects. The adversary can have a particular system in mind to target, or the implantation can be the first stage of follow-on attacks on many systems.

CAPEC-657: Malicious Automated Software Update via Spoofing

An attackers uses identify or content spoofing to trick a client into performing an automated software update from a malicious source. A malicious automated software update that leverages spoofing can include content or identity spoofing as well as protocol spoofing. Content or identity spoofing attacks can trigger updates in software by embedding scripted mechanisms within a malicious web page, which masquerades as a legitimate update source. Scripting mechanisms communicate with software components and trigger updates from locations specified by the attackers' server. The result is the client believing there is a legitimate software update available but instead downloading a malicious update from the attacker.

CAPEC-662: Adversary in the Browser (AiTB)

An adversary exploits security vulnerabilities or inherent functionalities of a web browser, in order to manipulate traffic between two endpoints.

CAPEC-691: Spoof Open-Source Software Metadata

An adversary spoofs open-source software metadata in an attempt to masquerade malicious software as popular, maintained, and trusted.

CAPEC-692: Spoof Version Control System Commit Metadata

An adversary spoofs metadata pertaining to a Version Control System (VCS) (e.g., Git) repository's commits to deceive users into believing that the maliciously provided software is frequently maintained and originates from a trusted source.

CAPEC-693: StarJacking

An adversary spoofs software popularity metadata to deceive users into believing that a maliciously provided package is widely used and originates from a trusted source.

CAPEC-695: Repo Jacking

An adversary takes advantage of the redirect property of directly linked Version Control System (VCS) repositories to trick users into incorporating malicious code into their applications.