Supply-Chain Compromise

Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise.

Metadata

Severity: high
Slug: supply-chain-compromise

MITRE

T1565.001: Data Manipulation: Stored Data Manipulation
T1573.002: Encrypted Channel: Asymmetric Cryptography
T1195.002: Supply Chain Compromise: Compromise Software Supply Chain
T1059.004: Command and Scripting Interpreter: Unix Shell

Available Labs

Open Javascript labs in SecDim Play for this vulnerability.

medium

Supply Chain Compromise.ir

JavaScript Medium Incident Response Github Signature New

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.