6 matches found
@bnsights-test/test-admin-portal (>=0.0.57 <=0.0.60), @bnsights/bbsf-admin-portal (>=1.0.0 <=1.2.20-beta.0) +5 more potentially affected by unknown CVE via ng2-file-upload (=8.0.0)
ng2-file-upload NPM version =8.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ng2-file-upload and may be impacted: - @bnsights-test/test-admin-portal =0.0.57, =1.0.0, =1.0.194-beta.19-1, =49.0.0, =12.0.0, =1.4.0-A19, =14.1.0, =14.3.0 Source cves:...
@bnsights/bbsf-admin-portal (>=1.1.66 <=1.1.93-beta.5), @bnsights/bbsf-controls (>=1.0.170 <=1.0.194-beta.10) +3 more potentially affected by unknown CVE via ng2-file-upload (=7.0.1)
ng2-file-upload NPM version =7.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on ng2-file-upload and may be impacted: - @bnsights/bbsf-admin-portal =1.1.66, =1.0.170, =1.0.194-beta.10 - @ux-aspects/ux-aspects-docs =11.0.0 - angular-mvp =1.3.16-A18 -...
Embedded Malicious Code
Overview ng2-file-upload is an Angular file uploader Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a postinstall script called bundle.js that exfiltrates secrets from the affected user's accounts. These versions have been...
@ottimis/angular-utils (>=1.3.36 <=5.6.1), @solidpepper/solidpepper-modal-media-selection (>=1.0.2 <=1.0.5) +3 more potentially affected by unknown CVE via ng2-file-upload (=9.0.0)
ng2-file-upload NPM version =9.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ng2-file-upload and may be impacted: - @ottimis/angular-utils =1.3.36, =1.0.2, =1.4.1-A20, =0.1.4, =0.1.31 Source cves: unknown CVE Source advisory:...
MAL-2025-47196 Malicious code in ng2-file-upload (npm)
The package ng2-file-upload was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in...
Malicious code in ng2-file-upload (npm)
The package ng2-file-upload was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in...