CVE-2024-3094: Urgent alert for Fedora Linux 40 and Rawhide users

petsoi@discuss.tchncs.de to Linux@lemmy.ml – 181 points –
CVE-2024-3094: Urgent alert for Fedora Linux 40 and Rawhide users - Fedora Magazine
fedoramagazine.org

This one might not have been that cheap. The malicious code was added by a maintainer on the project for two years. That is some patience.

Agreed. I am more speaking of 'in general', for example there was a supply chain attack on a widely used npm package by writing an email to the author of the npm package. There are other 'cheap' attacks like dependency confusion, typo squatting etc.