Описание
color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct
Отчет
No Red Hat products use any compromised version of the impacted package(s). For more details see https://access.redhat.com/security/supply-chain-attacks-NPM-packages
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 4 | io.cryostat-cryostat | Not affected | ||
| Gatekeeper 3 | gatekeeper/gatekeeper-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-operator-bundle | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-rhel9-operator | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/eventrouter-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/log-file-metric-exporter-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/loki-operator-bundle | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/loki-rhel9-operator | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
Связанные уязвимости
color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt. The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. See references below for more information on the payload. npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper. On 13 S
color-name@2.0.1 contains malware after npm account takeover
EPSS