Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

On January 7th, Sonatype became aware of 3 malicious brandjacking components which were published to the Maven Central Repository in the last week of 2020. 

As soon as we became aware of the issue, we blocked access to and removed these components from the Central Repository, then initiated a thorough investigation into the incident.

The three component GAVs, tracked by their respective Sonatype vulnerability identifiers, are:

| Group ID | Artifact ID | Version(s) | Vulnerability Tracking Identifier |
|---|---|---|---|
| com.github.codingandcoding | maven-compiler-plugin | 3.9.0 | sonatype-2021-0012 |
| com.github.codingandcoding | mail-watcher-plugin | 1.16, 1.17 | sonatype-2021-0013 |
| com.github.codingandcoding | servlet-api | 3.2.0 | sonatype-2021-0014 |
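As an added example (not Sonatype's own tooling), the Python script below scans a pom.xml for the coordinates listed above and also flags the brandjacking pattern itself: a well-known artifactId published under a groupId other than its usual publisher. The CANONICAL map of expected publishers and the sample pom are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# GAVs from the advisory table: (groupId, artifactId) -> versions observed.
MALICIOUS = {
    ("com.github.codingandcoding", "maven-compiler-plugin"): {"3.9.0"},
    ("com.github.codingandcoding", "mail-watcher-plugin"): {"1.16", "1.17"},
    ("com.github.codingandcoding", "servlet-api"): {"3.2.0"},
}
# Assumed canonical publishers of the imitated artifactIds (heuristic only).
CANONICAL = {
    "maven-compiler-plugin": {"org.apache.maven.plugins"},
    "servlet-api": {"javax.servlet", "jakarta.servlet"},
}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the POM xmlns from element names

def _gavs(root):
    """Yield (groupId, artifactId, version) for every dependency and plugin."""
    for el in root.iter():
        kind = _local(el.tag)
        if kind in ("dependency", "plugin"):
            f = {_local(c.tag): (c.text or "").strip() for c in el}
            # Maven defaults an omitted plugin groupId to the Apache plugins group.
            default = "org.apache.maven.plugins" if kind == "plugin" else ""
            yield f.get("groupId", default), f.get("artifactId", ""), f.get("version", "")

def scan_pom(pom_xml):
    """Return (verdict, groupId, artifactId, version) for each flagged coordinate."""
    findings = []
    for g, a, v in _gavs(ET.fromstring(pom_xml)):
        if (g, a) in MALICIOUS:
            # Listed version is a confirmed hit; other versions of the GA need review.
            verdict = "malicious" if v in MALICIOUS[(g, a)] else "review"
            findings.append((verdict, g, a, v))
        elif a in CANONICAL and g not in CANONICAL[a]:
            # Familiar artifactId under an unfamiliar groupId: the brandjacking pattern.
            findings.append(("suspicious", g, a, v))
    return findings

# Constructed sample pom.xml mixing legitimate and brandjacked coordinates.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
<dependency><groupId>com.github.codingandcoding</groupId><artifactId>servlet-api</artifactId>
  <version>3.2.0</version></dependency>
<dependency><groupId>javax.servlet</groupId><artifactId>servlet-api</artifactId>
  <version>2.5</version></dependency></dependencies><build><plugins>
<plugin><artifactId>maven-compiler-plugin</artifactId><version>3.8.1</version></plugin>
<plugin><groupId>com.github.codingandcoding</groupId><artifactId>maven-compiler-plugin</artifactId>
  <version>3.9.0</version></plugin></plugins></build></project>"""
```

Running scan_pom(SAMPLE_POM) reports the two brandjacked coordinates and leaves the genuine javax.servlet and org.apache.maven.plugins entries alone.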

Written by Admin