- cross-posted to:
- security@programming.dev
Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’s command-not-found package and the snap package repository. While command-not-found serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages.
It’s funny bc I’m seeing this as karma for a dark pattern.