Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution


A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion.The vulnerability has been codenamed CloudImposer by Tenable Research."The vulnerability could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool," security researcher Liv Matan said in a report shared with The Hacker News.

Read More


thumb-image

Solutions