5 matches found

OSSF Malicious Packages
added 2026/05/25 6:11 p.m., 7 views

Malicious code in @service-suppliers/suppliers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a79ca8ef6257be2fbac9c361b969d9e63ce6a833e42dafa4b558e1f805276502 On npm install, scripts/postinstall.js performs two attacker-benefit actions against the installer. First, it scrapes installer-side credentials: it...

5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/05/25 6:7 p.m., 5 views

MAL-2026-4435 Malicious code in @service-suppliers/fetch_suppliers_action_saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a3ebab0ad45763f2a27f43a1f97a820409b215589a45b5f3928b169ffc062bb The postinstall script scripts/postinstall.js performs three independent installer-harm actions on npm install. 1 It enumerates process.env for...

5.9 AI score
Exploits: 0, References: 2
Circl
added 2025/05/13 3:55 p.m., 2 views

GHSA-QPV8-G6QV-RF8P

creationtimestamp | type | source
---|---|---
2025-05-13 15:55:04+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114501334070497265...

7.3 AI score
Exploits: 0, References: 1
Atlassian
added 2014/07/29 4:12 a.m., 28 views

Escape or filter script tags in "all activity" panel

We've got an external report about a third party plugin: quote From: Vincent Ollivier Date: 29 July 2014 13:12 Subject: JIRA 6.2.5 / JEditor XSS Vulnerability To: [email protected] Hi, Sorry for the email, I couldn't find the correct project to report this security issue. There's an XSS in...

6.1 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2013/09/19 6:17 a.m., 16 views

Implement clickjacking protection on https://answers.atlassian.com/

We received an external security report from Monendra Sahu that https://answers.atlassian.com/ is vulnerable to clickjacking (http://en.wikipedia.org/wiki/Clickjacking). This can be fixed by sending an X-Frame-Options header with a value of SAMEORIGIN. This will prevent answers from being displayed ...

1.8 AI score
Exploits: 0, Affected Software: 1