2 matches found
MAL-2026-4019 Malicious code in @antv/gl-matrix (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
1g6table (=0.1.0), @actonate/mirkwood-rx (=0.10.9) +1549 more potentially affected by unknown CVE via @antv/gl-matrix (=2.7.1)
@antv/gl-matrix NPM version =2.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/gl-matrix and may be impacted: - 1g6table =0.1.0 - @actonate/mirkwood-rx =0.10.9 - @aegis.inc/flow =0.0.1-beta, =0.1.0, =0.5.0-alpha.0, =0.1.0, =0.5.0-alpha.0,...