2 matches found
Malicious code in action-publish-gh-pages (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a74ffd02c6f641086cd42add073f54fb155173390cde20c495999e563ff0471 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@3yourmind/yoco (=0.0.2-beta.3), @auto-canary/gh-pages (>=9.16.7-canary.0.b718636d.0 <=11.3.0--canary.2478.87bcf4d47797ed8cc7152538b86fd742d8d19462.0) +7 more potentially affected by CVE-2019-10803 via push-dir (=0.4.1)
push-dir NPM version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on push-dir and may be impacted: - @3yourmind/yoco =0.0.2-beta.3 - @auto-canary/gh-pages =9.16.7-canary.0.b718636d.0, =9.17.0, =1.0.0, =0.0.16, =0.0.37, =0.0.1, =0.1.1, =0.7.12...