Описание
Malicious Package in load-from-cwd-or-npm
Version 3.0.2 of load-from-cwd-or-npm contains malicious code. The malware breaks functionality of the purescript-installer package by injecting targeted code.
Recommendation
Upgrade to version 3.0.4 or later. There is no indication of further compromise.
Пакеты
Наименование
load-from-cwd-or-npm
npm
Затронутые версииВерсия исправления
= 3.0.2
3.0.4
9.8 Critical
CVSS3
Дефекты
CWE-506
9.8 Critical
CVSS3
Дефекты
CWE-506