From e37a7a1a2e2d07d5379e43a9af3de25e631a040d Mon Sep 17 00:00:00 2001
From: ctflearner <98345027+ctflearner@users.noreply.github.com>
Date: Fri, 20 Dec 2024 20:42:39 +0530
Subject: [PATCH] Update dependency-confusion.md

There is a Minor Change in the "Unspecified Version" Section, Where the spelling of "major" is written as "mayor" . Which I have corrected with this pull request.
---
 pentesting-web/dependency-confusion.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pentesting-web/dependency-confusion.md b/pentesting-web/dependency-confusion.md
index 235a3807c..4c90414ff 100644
--- a/pentesting-web/dependency-confusion.md
+++ b/pentesting-web/dependency-confusion.md
@@ -40,7 +40,7 @@ If your company is trying to **import a library that isn't internal**, highly pr
 
 ### Unspecified Version
 
-It's very common for developers to **not specify any version** of the library used, or specify just a **mayor version**. Then, the interpreter will try to download the **latest version** fitting those requirements.\
+It's very common for developers to **not specify any version** of the library used, or specify just a **major version**. Then, the interpreter will try to download the **latest version** fitting those requirements.\
 If the library is a **known external library** (like python `requests`), an **attacker cannot do much**, as he won't be able to create a library called `requests` (unless he is the original author).\
 However, if the library is **internal**, like `requests-company` in this example, if the **library repo** allows to **check for new versions also externally**, it will search for a newer version publicly available.\
 So if an **attacker knows** that the company is using the `requests-company` library **version 1.0.1** (allow minor updates). He can **publish** the library `requests-company` **version 1.0.2** and the company will **use that library instead** of the internal one.