3 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
@antv/g-mobile-webgl (>=0.0.2 <=0.0.4-alpha.16), @antv/g-plugin-3d (>=1.0.0-alpha.1 <=1.0.24-alpha.16) +1 more potentially affected by unknown CVE via @antv/g-plugin-webgl-renderer (=1.0.26)
@antv/g-plugin-webgl-renderer NPM version =1.0.26 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-plugin-webgl-renderer and may be impacted: - @antv/g-mobile-webgl =0.0.2, =1.0.0-alpha.1, =1.0.0-alpha.0, =1.0.26-alpha.16 Source cves: unknown CV...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...