Malicious code in cclr-component-resources (npm)

Multiple evidences suggest this package is a malware: code obfuscation, dynamic code execution, suspicious domain, and unusual install script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61af3265fce06cfbb9bbf20e38d468e136487f69c41f70b0bbb1b331535bdf82 The...

CVE-2025-62711 Wasmtime vulnerable to segfault when using component resources

Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a...

CVE-2025-62711 Wasmtime vulnerable to segfault when using component resources

Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a...

MAL-2024-1959 Malicious code in ccl-component-resources (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3aab5a60bbc55422ada7e8937985342cfee30ddac8e35dab2c0d03eb3d12d23 [email protected] is a dependency-confusion package: name targets a likely-internal package, semver is set to 99.0.0 to win resolution...

Malicious code in ccl-component-resources (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3aab5a60bbc55422ada7e8937985342cfee30ddac8e35dab2c0d03eb3d12d23 [email protected] is a dependency-confusion package: name targets a likely-internal package, semver is set to 99.0.0 to win resolution...