4 matches found
Malicious code in ast-plugin (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
EEF-CVE-2025-48042 Before action hooks may execute in certain scenarios despite a request being forbidden
Summary Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program...
Malicious code in actions-run-service (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0096c4c86f75bd5815b589d90393b9d5efa12ac9fdae99a2cb6293475de0cbf8 The OpenSSF Package Analysis project identified 'actions-run-service' @ 0.0.1.r2301dc6 rubygems as malicious. It is considered malicious because...
MAL-2025-46891 Malicious code in actions-run-service (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0096c4c86f75bd5815b589d90393b9d5efa12ac9fdae99a2cb6293475de0cbf8 The OpenSSF Package Analysis project identified 'actions-run-service' @ 0.0.1.r2301dc6 rubygems as malicious. It is considered malicious because...