# Dependency Confusion

{% hint style="success" %}
Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks * Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! * **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
{% embed url="https://websec.nl/" %}

## Basic Information

In short, a dependency confusion vulnerability happens when a project pulls in a library by a **misspelled** name, by a name that **no longer exists**, or **without pinning its version**, while the package repository it resolves from is allowed to **fetch newer versions** from a **public** repository.

* **Misspelled**: importing **`reqests`** instead of `requests`
* **Inexistent**: importing `company-logging`, an internal library that **no longer exists** (so its name is free for anyone to register publicly)
* **Unspecified version**: importing `company-requests`, a library that **does exist internally**, while the repository also checks the **public repository** for a **higher version**

## Exploitation

{% hint style="warning" %}
In every case the attacker only needs to publish a **malicious package with the name** of a library the victim company uses (and, for the unpinned case, with a version number higher than the internal one).
{% endhint %}

### Misspelled & Inexistent

If the company tries to import a **library that is not in its internal repository**, the package repository will most likely **look it up in a public repository**. If an attacker has registered that name there, your code and the machine running it will very probably be compromised, since package install hooks (a `setup.py`, an npm `preinstall` script) run with the installing user's privileges at install time.

### Unspecified Version

It is very common for developers **not to pin the version** of a dependency at all, or to pin only the **major version**.
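The resolution rule that makes all three cases above exploitable, written out as an added example (this is not code from the original page or from any real package manager): a toy resolver over two constructed indexes, one internal and one public, whose package names, versions and publishers are made up for the demonstration. `resolve_merged` applies the rule pip uses when a private index is configured with `--extra-index-url`: every index is searched and the highest version that satisfies the specifier wins, wherever it lives. `resolve_scoped` applies the kind of fix described under AWS Fix below: names declared internal are served only from the internal index, and the indexes are never merged. The `internal` name set and the supported specifier syntax (`==`, `!=`, `>=`, `<=`, `>`, `<`, comma-separated, dotted integer versions only) are assumptions of the example.

```python
"""Toy resolver: how merging an internal and a public package index lets an
attacker-controlled package win. Every index, name and version here is
constructed for the example; nothing talks to a real registry."""
from __future__ import annotations

import re

# Constructed indexes: package name -> {version string: who published it}.
INTERNAL_INDEX = {
    "company-requests": {"1.0.0": "internal", "1.0.1": "internal"},
}
PUBLIC_INDEX = {
    "requests": {"2.31.0": "upstream"},
    "reqests": {"1.0.0": "attacker"},           # typosquat of `requests`
    "company-logging": {"0.0.1": "attacker"},   # retired internal name, claimed by attacker
    "company-requests": {"1.0.2": "attacker"},  # internal name, version higher than internal
}

_REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(.*)$")
_CLAUSE_RE = re.compile(r"^(==|!=|>=|<=|>|<)\s*([0-9.]+)$")
_OPS = {
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}

def parse_version(text: str) -> tuple[int, ...]:
    """Dotted integer versions only (no pre-release or local tags)."""
    return tuple(int(part) for part in text.split("."))

def parse_requirement(req: str) -> tuple[str, list]:
    """'company-requests>=1.0.1,<2' -> ('company-requests', [('>=', (1, 0, 1)), ('<', (2,))]).
    A bare name means any version is acceptable."""
    name, spec = _REQ_RE.match(req).groups()
    clauses = []
    for clause in (c.strip() for c in spec.split(",")):
        if not clause:
            continue
        match = _CLAUSE_RE.match(clause)
        if match is None:
            raise ValueError(f"unsupported specifier: {clause!r}")
        clauses.append((match.group(1), parse_version(match.group(2))))
    return name, clauses

def _matching(index, name, clauses):
    """(parsed_version, version, origin) for every release of `name` in `index`
    that satisfies all clauses of the specifier."""
    out = []
    for version, origin in index.get(name, {}).items():
        parsed = parse_version(version)
        if all(_OPS[op](parsed, bound) for op, bound in clauses):
            out.append((parsed, version, origin))
    return out

def _best(candidates):
    """Highest version wins; returns (version, origin), or None if nothing matches."""
    if not candidates:
        return None
    _, version, origin = max(candidates, key=lambda c: c[0])
    return version, origin

def resolve_merged(req: str):
    """Vulnerable rule: search every configured index and take the highest
    matching version wherever it lives (pip's behaviour with --extra-index-url)."""
    name, clauses = parse_requirement(req)
    return _best(_matching(INTERNAL_INDEX, name, clauses)
                 + _matching(PUBLIC_INDEX, name, clauses))

def resolve_scoped(req: str, internal_names: frozenset[str]):
    """Hardened rule: a name declared internal is served only from the internal
    index, anything else only from the public one; the two are never merged."""
    name, clauses = parse_requirement(req)
    index = INTERNAL_INDEX if name in internal_names else PUBLIC_INDEX
    return _best(_matching(index, name, clauses))

def demo():
    """The page's three cases, plus an exact pin, under both rules."""
    requirements = [
        "reqests",                     # misspelled: the developer meant `requests`
        "company-logging",             # inexistent: the internal package was retired
        "company-requests>=1.0.1,<2",  # unpinned: internal package, minor updates allowed
        "company-requests==1.0.1",     # the same internal package, pinned exactly
    ]
    internal = frozenset({"company-requests", "company-logging"})
    return {req: {"merged": resolve_merged(req), "scoped": resolve_scoped(req, internal)}
            for req in requirements}

if __name__ == "__main__":
    for req, result in demo().items():
        print(f"{req:30} merged={result['merged']}  scoped={result['scoped']}")
```

Run it as a script to see the four requirements side by side. Under the merged rule the unpinned internal package resolves to the attacker's `1.0.2` and the retired name resolves to the attacker's package. Under the scoped rule the internal package stays at `1.0.1` and the retired name fails to install at all, which is the safe outcome. Note what scoping does not fix: the typosquatted `reqests` still resolves from the public index under both rules, because no index configuration can know you meant `requests`; that case needs review-time checks or a curated proxy with an allow-list.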
The package manager then tries to download the **latest version** that satisfies that constraint.\
If the library is a **well-known external library** (e.g. Python's `requests`), an **attacker can't do much**, because they cannot publish a package called `requests` (unless they are its original author).\
But if the library is **internal**, like `company-requests` in this example, and the **package repository** is allowed to **look for newer versions externally as well**, it will pick up whatever newer version is publicly available.\
So if an **attacker knows** that the company uses `company-requests` at **version 1.0.1** with minor updates allowed (a constraint such as `>=1.0.1,<2`), they can **publish** `company-requests` **version 1.0.2** on the public repository, and the company will **install that package** instead of the internal one.

Note that an exact pin (`==1.0.1`) only helps as long as the public repository cannot also serve that exact version; pinning the artifact's hash (for pip, `--require-hashes` with `--hash=` entries in the requirements file; for npm, a lockfile with `integrity` fields installed via `npm ci`) is what actually ties the install to the internal artifact.

## AWS Fix

This vulnerability was found in AWS **CodeArtifact** (read the details in [**this blog post**](https://zego.engineering/dependency-confusion-in-aws-codeartifact-86b9ff68963d)).\
AWS fixed it by letting you declare whether a package is internal or external, so that internal dependencies are never fetched from the external upstream repository.

## Finding Vulnerable Libraries

In the [**original post about dependency confusion**](https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610) the author searched thousands of exposed `package.json` files containing the dependencies of JavaScript projects, looking for dependency names that were not registered on the public npm registry.

## References

* [https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610](https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610)
* [https://zego.engineering/dependency-confusion-in-aws-codeartifact-86b9ff68963d](https://zego.engineering/dependency-confusion-in-aws-codeartifact-86b9ff68963d)