CAPEC-538: Open-Source Library Manipulation

Detailed · Likelihood: Low · Severity: High · Stable

Abstraction
Detailed
Status
Stable
Likelihood
Low
Severity
High

Description

Adversaries implant malicious code in open source software (OSS) libraries to have it widely distributed, as OSS is commonly downloaded by developers and other users to incorporate into software development projects. The adversary can have a particular system in mind to target, or the implantation can be the first stage of follow-on attacks on many systems.

Related weaknesses (2)

CWE-494, CWE-829

MITRE ATT&CK crosswalk (1)

T1195.001: Supply Chain Compromise: Software Dependencies and Development Tools

Related attack patterns (1)

CAPEC-444 (ChildOf)

Exploits (2)

Type     | Target                                                 | Confidence | Tier
Weakness | Download of Code Without Integrity Check (cwe-494)     | 100%       | live
Weakness | Inclusion of Functionality from Untrusted Control Sphere (cwe-829) | 100% | live

Related to (1)

Type         | Target                                                          | Confidence | Tier
SubTechnique | Compromise Software Dependencies and Development Tools (t1195.001) | 100%    | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Redirect Access to Libraries
CAPEC: Infiltration of Hardware Development Environment
CAPEC: Code Injection
CAPEC: Infected Software
CAPEC: Remote Code Inclusion
CAPEC: Configuration/Environment Manipulation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.