CVE-2021-24105 Overview
CVE-2021-24105 is a dependency confusion vulnerability that affects multiple package managers across various programming languages. The vulnerability allows attackers to insert malicious packages into public package manager repositories, which can then be retrieved and executed during development, build, and release processes. This supply chain attack vector affects Python/pip, .NET/NuGet, Java/Maven, and JavaScript/npm package ecosystems.
The attack exploits the way package managers resolve dependencies between public and private repositories. When an organization uses private package names internally, an attacker can publish a malicious package with the same name but a higher version number to public repositories. Vulnerable configurations will automatically download and install the malicious public package instead of the intended private one.
Critical Impact
Remote code execution through supply chain compromise affecting developer machines, CI/CD pipelines, and potentially production environments through malicious package installation.
Affected Products
- Microsoft Package Manager Configurations
- Python/pip package manager
- .NET/NuGet package manager
- Java/Maven package manager
- JavaScript/npm package manager
Discovery Timeline
- 2021-02-25 - CVE CVE-2021-24105 published to NVD
- 2026-02-24 - Last updated in NVD database
Technical Details for CVE-2021-24105
Vulnerability Analysis
This vulnerability represents an ecosystem-wide supply chain attack technique known as "dependency confusion." The core issue lies in how package managers determine which repository to use when resolving package dependencies. When multiple sources are configured (both public and private repositories), the package manager may prefer the package with a higher version number regardless of its source.
The attack requires the adversary to identify internal package names used by target organizations, then publish malicious packages under those same names to public repositories like PyPI, npm, NuGet Gallery, or Maven Central. The malicious packages are assigned very high version numbers to ensure they take precedence during dependency resolution.
Attackers can execute code at multiple points: during package installation through install scripts, during import/compilation of the package, or through malicious code embedded within the package itself. Even if the malicious package causes errors due to code incompatibility, the attacker may have already achieved code execution through install-time hooks.
Root Cause
The root cause is a design flaw in how package managers prioritize package sources during dependency resolution. By default, many package managers do not adequately distinguish between public and private repositories, allowing public packages to override private ones based solely on version number comparison. This creates an implicit trust relationship with public repositories that attackers can exploit.
Organizations are particularly vulnerable when they:
- Use private packages with names that could be registered publicly
- Configure package managers to search both public and private repositories
- Do not explicitly pin package versions or verify package sources
Attack Vector
The attack leverages local access through the development environment. An attacker must first perform reconnaissance to identify internal package names, which can sometimes be discovered through leaked source code, error messages, documentation, or configuration files. Once identified, the attacker creates and publishes a malicious package to public repositories.
The attack unfolds in these stages:
- Reconnaissance: Attacker identifies private package names used by target organization
- Package Creation: Attacker creates a malicious package with the same name and a very high version number
- Publication: Malicious package is published to public repositories (PyPI, npm, NuGet, Maven Central)
- Execution: When targets run package installation commands, the malicious public package is downloaded and installed
- Code Execution: Malicious code executes during installation or when the package is imported
This vulnerability can compromise developer machines, entire development teams if malicious configurations are committed to source control, CI/CD pipelines, and ultimately production environments if the malicious code goes undetected.
Detection Methods for CVE-2021-24105
Indicators of Compromise
- Unexpected packages appearing in dependency lists with unusually high version numbers
- Package installation logs showing downloads from public repositories for packages that should be private
- New or modified packages in local caches that weren't intentionally installed
- Unexpected network connections or process executions during package installation
Detection Strategies
- Monitor package manager logs for installations from unexpected sources
- Implement package integrity verification using checksums and signatures
- Deploy software composition analysis (SCA) tools to detect unauthorized packages
- Review CI/CD pipeline logs for anomalous package resolution behavior
- Compare installed packages against approved dependency manifests
Monitoring Recommendations
- Configure alerts for package installations that bypass private repository sources
- Implement real-time monitoring of package manager activity on developer workstations
- Establish baseline behavior for dependency resolution and alert on deviations
- Monitor network traffic for connections to public package repositories during builds that should use only private sources
How to Mitigate CVE-2021-24105
Immediate Actions Required
- Audit all package manager configurations to ensure private repositories are prioritized
- Register internal package names in public repositories as placeholders to prevent namespace hijacking
- Pin all dependency versions explicitly in lock files or requirements files
- Configure package managers to only allow packages from approved sources
- Review recent builds and deployments for potential compromise
Patch Information
This vulnerability cannot be addressed by patches to the package repositories themselves. Remediation requires reconfiguring installation tools and workflows at the organizational level. Microsoft has published detailed guidance in their security advisory covering configuration steps for various package managers.
For pip/Python, use the --index-url flag with private repositories and avoid --extra-index-url for public sources. For npm, configure .npmrc with proper registry settings. For NuGet, use packageSources configuration to control repository priority. For Maven, configure settings.xml to restrict repository access.
Workarounds
- Use namespace prefixes or scopes for all internal packages (e.g., @company/package-name for npm)
- Configure firewalls to block direct access to public package repositories from build systems
- Implement a package proxy or artifact repository (like Artifactory or Nexus) that controls access to both public and private packages
- Use package lockfiles and verify checksums before installation
- Conduct regular audits of installed packages against approved dependency lists
# Configuration example for pip to use only private repository
pip install --index-url https://private.repo.company.com/simple/ package-name
# For npm, configure .npmrc to scope packages
@company:registry=https://private.npm.company.com/
# For NuGet, configure nuget.config to prioritize private sources
# Add <clear /> before private sources to reset default public repositories
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
