4 matches found
MAL-2025-187120 Malicious code in gatsby-config-postgres-concurrently (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da39a9e2fd7a04f5eb662fb6eef0160a78e4ec3832a4537c9e704e0731297736 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-114617
Malicious code in deimos-gatsby-config-xanthus npm...
Malicious code in deimos-gatsby-config-xanthus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11e0ef6b20e01abb0c888a4ffa0a1c801db4dc89a89b1840fa59da4f1345f654 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Authentication flaw
Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...