MAL-2025-47318 Malicious code in json-rules-engine-simplified (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d3d77ef6c0caa448d46f58d6f7da23e9e7b3ae880920707f9dd730325bfda9f5 Any computer that has this package installed or running should be considered fully compromised. All...

@bubbles-ui/leemons (>=1.0.0 <=1.2.277), @imtf/rjsf-conditionals (=5.0.3) +3 more potentially affected by unknown CVE via json-rules-engine-simplified (>=0.1.17 <=0.2.0)

json-rules-engine-simplified NPM version =0.1.17, =1.0.0, =0.1.0, =0.1.17, =0.1.1, =0.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-JSONRULESENGINESIMPLIFIED-12704864...

Embedded Malicious Code

Overview json-rules-engine-simplified is a simple rules engine expressed in JSON Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentia...