New research discovers vulnerability in an archived Apache project

Image via Unsplash

Research from Legit Security has disclosed a vulnerability in an archived Apache project. The vulnerability discovered was a dependency confusion, otherwise known as dependency hijacking or substitution attack. Researchers discovered the exploit of the Apache Cordova app harness archived open-source project in the wild, revealing that a malicious actor could utilize arbitrary code where the app is deployed to gain access to the application. This means an attack could lead to remote code execution inside of the production environment.

The researchers argue that this discovery emphasizes the importance of considering third-party dependencies in software development potential weak links. This is especially the case, the research argues, with archived open-source projects that are not often updated or patched.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.