writeups.xyz / Introducing MavenGate: a supply chain attack method for Java and Android applications

Submitter : c2a

Date: 17 January 2024

Bounty : undisclosed

Vulnerabilities :

• Dependency Hijacking
• Android
• Maven
• Supply Chain Attack

Programs :

• Google
• Facebook
• Amazon
• Microsoft
• Adobe
• LinkedIn
• Netflix

Authors :

• Oversecured (@OversecuredInc)

Link :
https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/#vulnerable-dependencies-in-real-projects