MAL-2025-17682 Malicious code in cressida-middleware-async-galaxy (npm)

The package cressida-middleware-async-galaxy was found to contain malicious code...

co.jufeng:jufeng-dao (>=1.0.0 <=1.0.1), co.paralleluniverse:galaxy (>=1.2.1 <=1.4) +487 more potentially affected by CVE-2016-2141 via org.jgroups:jgroups (>=3.3.0.CR1 <=3.6.0.Final)

org.jgroups:jgroups MAVEN version =3.3.0.CR1, =1.0.0, =1.2.1, =0.3.0, =1.0.2-1, =0.9.11, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2016-2141 Source advisory: OSV:GHSA-RC7H-X6CQ-988Q...