Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Dependency confusion is a supply chain attack where a malicious public package impersonates a private internal one, hijacking the build pipeline.
Dependency Confusion Definition: Dependency confusion is a supply chain attack where a malicious public package impersonates a private internal one, hijacking the build pipeline.
Dependency confusion, also called a substitution or namespace confusion attack, is a supply chain attack in which an adversary publishes a malicious package to a public registry using the same name as an organization's private internal package, often with a higher version number. Misconfigured package managers then pull the attacker's public package instead of the trusted internal one, executing malicious code during installation or build.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →