@dm3-org/delivery-service (>=1.4.0 <=1.7.1), @dm3-org/dm3-backend (>=1.0.1 <=1.7.1) +18 more potentially affected by unknown CVE via @dm3-org/dm3-lib-crypto (=1.7.2)

@dm3-org/dm3-lib-crypto NPM version =1.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on @dm3-org/dm3-lib-crypto and may be impacted: - @dm3-org/delivery-service =1.4.0, =1.0.1, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =0.0.1-alpha1, =1.0.5, =1.4.0,...

MAL-2025-5018 Malicious code in @dm3-org/dm3-lib-crypto (npm)

The package communicates with a domain associated with malicious activity...