Official SAP npm Packages compromised to steal Credentials and Authentication Tokens from Developers' Systems.
Security researchers report that the compromise impacted four packages, with the versions now deprecated on NPM:
• @cap-js/sqlite – v2.2.2
• @cap-js/postgres – v2.2.2
• @cap-js/db-service – v2.10.1
• mbt – v1.2.48
These packages support SAP's Cloud Application Programming Model [CAP] and Cloud MTA, which are commonly used in enterprise development.
TeamPCP-Linked Supply Chain Attack Hits SAP CAP and Cloud MT...
Compromised SAP CAP npm packages download and execute unverified binaries, creating urgent supply chain risk for affected developers and CI/CD environ...
Socket (socket.dev)
#sap #npmpackages #secure #programming #developer #security #privacy #infosec #tech #news


@Olly42 Wait, are the compromised versions of those packages still available for download anywhere, or did npm fully pull them after they were deprecated?