Official SAP npm Packages compromised to steal Credentials and Authentication Tokens from Developers Systems.
-
Official SAP npm Packages compromised to steal Credentials and Authentication Tokens from Developers Systems.
Security researchers report that the compromise impacted four packages, with the versions now deprecated on NPM:
• @cap-js/sqlite – v2.2.2
• @cap-js/postgres – v2.2.2
• @cap-js/db-service – v2.10.1
• mbt – v1.2.48
️These packages support SAP's Cloud Application Programming Model [CAP] and Cloud MTA, which are commonly used in enterprise development.️https://socket.dev/blog/sap-cap-npm-packages-supply-chain-attack
#sap #npmpackages #secure #programming #developer #security #privacy #infosec #tech #news
-
Official SAP npm Packages compromised to steal Credentials and Authentication Tokens from Developers Systems.
Security researchers report that the compromise impacted four packages, with the versions now deprecated on NPM:
• @cap-js/sqlite – v2.2.2
• @cap-js/postgres – v2.2.2
• @cap-js/db-service – v2.10.1
• mbt – v1.2.48️These packages support SAP's Cloud Application Programming Model [CAP] and Cloud MTA, which are commonly used in enterprise development.️https://socket.dev/blog/sap-cap-npm-packages-supply-chain-attack
#sap #npmpackages #secure #programming #developer #security #privacy #infosec #tech #news
@Olly42 Wait, are the compromised versions of those packages still available for download anywhere, or did npm fully pull them after they were deprecated?
-
R relay@relay.publicsquare.global shared this topic
