3 matches found
Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion
In what's an act of deliberate sabotage, the developer behind the popular "node-ipc" NPM package shipped a new tampered version to condemn Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the...
CVE-2022-23812
This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. Note: from versions 11.0.0 onwards, instead of having malicious code directly in the sourc...
CVE-2022-23812
The CVE-2022-23812 vulnerability affects the node-ipc package (versions 10.1.1 and 10.1.2). Embedded malicious code is triggered based on geolocation (Russia/Belarus) and overwrites user files with a heart emoji; the maintainer removed this code in version 10.1.3. Starting with 11.0.0, node-ipc i...