Uncontrolled Search Path Element
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-427: Uncontrolled Search Path Element |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Package dependencies declared with variable versions may lead to dependency hijacking and dependency confusion attacks. Specify an exact version, or use package-lock.json to pin a specific version of the package.
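
One way to check a manifest for the condition described above, as an added example rather than the rule's own implementation. The names `classifySpec`, `findUnpinned` and `samplePackageJson`, the section list and the classification labels are assumptions made for this sketch.

```javascript
// Flag package.json dependency specs that do not name one exact version.
// Section list and labels ("exact", "floating", "non-registry") are choices made for this example.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// Exact semver: MAJOR.MINOR.PATCH with optional prerelease and build metadata.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function classifySpec(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return "exact";
  // URLs, git remotes, local paths and GitHub shorthand are not registry versions at all.
  if (/^(git\+|git:|https?:|file:|github:)/.test(s)) return "non-registry";
  if (/^[\w.-]+\/[\w.-]+(#.+)?$/.test(s)) return "non-registry";
  // Everything else (^, ~, comparators, x-ranges, "*", "", partial versions, dist-tags)
  // can resolve to a different release on a later install.
  return "floating";
}

function findUnpinned(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      if (kind !== "exact") findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest (not from any real project).
const samplePackageJson = JSON.parse(`{
  "name": "example-app",
  "dependencies": {
    "left-pad": "1.3.0",
    "express": "^4.18.2",
    "lodash": "~4.17.21",
    "debug": "*",
    "internal-utils": "latest"
  },
  "devDependencies": {
    "mocha": "10.2.0",
    "eslint": ">=8.0.0 <9.0.0",
    "my-fork": "someuser/my-fork#main"
  }
}`);

for (const f of findUnpinned(samplePackageJson)) {
  console.log(`${f.section}: ${f.name} "${f.spec}" is ${f.kind}; pin an exact version`);
}
```

A committed package-lock.json installed with `npm ci` fixes the resolved versions even when the manifest itself keeps ranges.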