VYPR

npm · Malicious package advisory

Malware

prebid.js

GHSA-jwq7-6j4r-2f92

Prebid.js NPM package briefly compromised

Details

### Impact
Affects npm users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet.

### Patches
Fixed in 10.10.0.

### References
https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack

Compromised versions (1)

  • 10.9.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.
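
One way to check whether a project's lockfile pins the compromised version listed above. This is an added example, not part of the advisory or the Prebid.js project; the function name `findCompromised` and the sample lockfiles are constructed for illustration.

```javascript
// Added example. Compromised release as listed in this advisory.
const COMPROMISED = { name: "prebid.js", versions: new Set(["10.9.2"]) };

const isBad = (name, version) =>
  name === COMPROMISED.name && COMPROMISED.versions.has(version);

// Takes a parsed package-lock.json (lockfileVersion 1, 2 or 3) and
// returns the sorted install paths that pin a compromised version.
function findCompromised(lock) {
  const hits = new Set();

  // v2/v3: flat "packages" map keyed by install path ("" is the root project).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue;
    // meta.name is present for aliased installs; otherwise use the path tail.
    const name = meta.name || path.split("node_modules/").pop();
    if (isBad(name, meta.version)) hits.add(path);
  }

  // v1 (and the legacy section of v2): nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (isBad(name, meta.version)) hits.add(path);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");

  return [...hits].sort();
}

// Constructed sample lockfiles, not taken from any real project.
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-site", version: "1.0.0" },
    "node_modules/prebid.js": { version: "10.9.2" },
    "node_modules/ad-wrapper/node_modules/prebid.js": { version: "10.10.0" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "prebid.js": { version: "10.10.0" },
    "ad-wrapper": { version: "2.0.0", dependencies: { "prebid.js": { version: "10.9.2" } } },
  },
};
console.log(findCompromised(sampleV3), findCompromised(sampleV1));
```

Pass it the result of `JSON.parse` on a project's `package-lock.json`. A clean result only shows what the lockfile currently pins, not whether 10.9.2 was installed on a machine earlier.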