npm · Malicious package advisory
Malwareprebid.js
GHSA-jwq7-6j4r-2f92
Prebid.js NPM package briefly compromised
Details
### Impact NPM users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. ### Patches 10.10.0 is solved ### References https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack
Compromised versions (1)
- 10.9.2
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.