VYPR

composer · Malicious package advisory

Malware

tribalsystems/zenario

PKG-PKSA-jm4c-kd3j-5hgr

Zenario allows authenticated admin users to upload PDF files containing malicious code

Details

**CVE:** [CVE-2024-45960](/cves/CVE-2024-45960)

**Severity:** Low

**Affected versions:** <=9.7.61188

**Source:** [GitHub](https://github.com/advisories/GHSA-3636-hx62-pv26)

**Remote ID:** GHSA-3636-hx62-pv26

Compromised versions (1)

  • <=9.7.61188

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.