7/10
research
Comprehensive analysis of how DevOps tools (GitHub Actions, Ansible Galaxy, Terraform, Helm) have organically grown package-manager characteristics, including transitive dependency graphs, yet lack the mature security controls that traditional package managers have implemented, such as lockfiles, integrity verification, and immutable versioning. Identifies systematic supply-chain weaknesses across these ecosystems, including mutable version tags, missing constraint solvers, and unpinnable transitive dependencies.
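The mutable-reference problem described above is concrete in GitHub Actions: a `uses: owner/repo@v4` line follows whatever commit the `v4` tag points to today, so anyone who can move the tag controls the workflow. The script below is an added example (it is not from the talk or from any project it mentions) that audits a workflow for references that do not pin a full-length commit SHA and rewrites the mutable ones once you supply the commit each tag currently resolves to. The action names under `example-org/`, the workflow text and the tag-to-commit mapping are all constructed for the example; in practice the mapping would come from `git ls-remote https://github.com/<owner>/<repo> <ref>` at pin time.

```python
"""Audit GitHub Actions workflows for mutable action references.

Added example, not code from the talk or any project it describes. Assumes a
workflow file as text and a caller-supplied mapping from "owner/repo@ref" to
the full commit SHA that ref resolves to (obtained out of band, e.g. with
`git ls-remote`). All sample data below is constructed.
"""
import re
from typing import Optional

# Matches `uses:` values in step lists; stops at whitespace, quotes or a comment.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)["\']?', re.MULTILINE)
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')
HEXISH_RE = re.compile(r'^[0-9a-f]{7,39}$')   # abbreviated SHA (or a hex-looking tag)


def classify_ref(uses: str) -> str:
    """Classify one `uses:` value by whether the referenced code can change.

    'immutable'   full 40-hex commit SHA, or a container image with a digest
    'local'       action inside the same repository (reviewed with the workflow)
    'short-sha'   hex ref that is not full length; does not count as a pin
    'mutable-ref' tag, branch, image tag, or no ref at all: can be moved
    """
    if uses.startswith('./'):
        return 'local'
    if uses.startswith('docker://'):
        return 'immutable' if '@sha256:' in uses else 'mutable-ref'
    if '@' not in uses:
        return 'mutable-ref'
    _, ref = uses.rsplit('@', 1)
    if FULL_SHA_RE.match(ref):
        return 'immutable'
    if HEXISH_RE.match(ref):
        return 'short-sha'
    return 'mutable-ref'


def audit_workflow(text: str) -> list:
    """Return (uses, classification) for every reference that is not pinned."""
    findings = []
    for m in USES_RE.finditer(text):
        uses = m.group(1)
        cls = classify_ref(uses)
        if cls not in ('immutable', 'local'):
            findings.append((uses, cls))
    return findings


def pin(uses: str, resolved: dict) -> Optional[str]:
    """Rewrite a tag/branch reference to the commit it currently resolves to.

    The human-readable ref is kept as a trailing comment so reviewers and
    update tooling can still see which version was intended.
    """
    sha = resolved.get(uses)
    if sha is None or not FULL_SHA_RE.match(sha):
        return None           # unknown ref or non-full SHA: leave untouched
    name, ref = uses.rsplit('@', 1)
    return f"{name}@{sha} # {ref}"


def pin_workflow(text: str, resolved: dict) -> str:
    """Apply pin() to every `uses:` line that has an entry in `resolved`."""
    def repl(m):
        pinned = pin(m.group(1), resolved)
        return m.group(0) if pinned is None else m.group(0).replace(m.group(1), pinned)
    return USES_RE.sub(repl, text)


# Constructed sample workflow: one pinned step, one local step, four mutable ones.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup-tool@main
      - uses: example-org/lint-action@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/scan@abc1234
      - uses: docker://ghcr.io/example-org/image:1.2
      - uses: ./.github/actions/local-step
"""

# Constructed tag-to-commit mapping (hypothetical SHA, not a real commit).
RESOLVED = {"example-org/setup-tool@main": "deadbeef" * 5}

if __name__ == "__main__":
    for uses, cls in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{cls:12} {uses}")
    print(pin_workflow(SAMPLE_WORKFLOW, RESOLVED))
```

Pinning to a SHA closes the tag-moving path but does not address the transitive case the talk raises: an action pinned by SHA may itself call other actions by tag in its own `action.yml`, and nothing in the workflow file can pin those. Running the same audit over the checked-out action's `action.yml` files is the only way to see that layer.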
package-manager
supply-chain-security
dependency-resolution
transitive-dependencies
lockfile
integrity-verification
github-actions
ansible-galaxy
terraform
helm
mutable-references
version-pinning
typosquatting
constraint-solving
GitHub Actions
Ansible Galaxy
Terraform
Helm
npm
Cargo
Bundler
resolvelib
Palo Alto
tj-actions/changed-files
reviewdog/action-setup
Mazer
Argo CD
Andrew Nesbitt
NDC Oslo 2025