5 matches found
Malicious code in polymarket-trader-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54436b6dea3d66e295c1ca82184b4f4b904d8441a68e77845f37cbb039c5f3c9 [email protected] advertises itself as a Polymarket trading helper but its main entry is a remote code loader. The default-exported...
Malicious code in svgson-lite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceb1026a96918a3f4ed4c7c4f0aa75411c3869f1ad14405174e396b4e67907d2 index.js exports an undocumented getPlugin function which, when invoked, performs an HTTP GET to https://shorturl.at/147uq, JSON-parses the response...
Malicious code in react-ui-polyfills (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c43460df1ee670b8a5982d77e7028aef7df25fa38922f743489fd52b41b5ea Package advertises itself as React polyfills / UI compatibility helpers but ships no React or polyfill code. The exported getPlugin function returns ...
Malicious code in fe-utils-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6181b15ad071542a35154cffc71bc4771db039f548eabfe4100271000e4e3116 The package's default-exported getPlugin function fetches https://svganchordev.net/icons/110 and passes the response's data.credits field to new...
PT-2026-7271
An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit dlt getplugin function at src/tcpedit/plugins/dlt utils.c...