Supply Chain Incident

Go BoltDB typosquat module proxy backdoor

Socket researchers disclosed a backdoored Go module typosquatting BoltDB that persisted through Go Module Proxy caching even after the source repository tag was changed.

ConfidenceHigh
Evidence LevelResearcher
Attack StageDependency Resolution
Source Artifact DivergenceYes
Attribution ConfidenceSuspected

Affected Packages

Affected Releases

  • github.com/boltdb-go/bolt@v1.3.1 pkg:golang/github.com/boltdb-go/bolt@v1.3.1 · published 2021-11-01 Release

Repositories

Organizations

No structured records.

Maintainers

No structured records.

Threat Actors

  • boltdb-go operator

Campaigns

No structured records.

Build Systems

No structured records.

Distribution Channels

  • GitHub repository
  • Go Module Proxy

Compromised Accounts

No structured records.

Connected Entities

  • boltdb-go operator Threat Actor
  • boltdb-go/bolt Repository
  • GitHub repository Distribution Channel
  • github.com/boltdb-go/bolt Package
  • github.com/boltdb-go/bolt@v1.3.1 Release
  • Go Module Proxy Distribution Channel

Attribution Evidence

References