Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2025/09/15 1:24 p.m.6 views

@bnsights-test/test-admin-portal (>=0.0.57 <=0.0.60), @bnsights/bbsf-admin-portal (>=1.0.0 <=1.2.20-beta.0) +5 more potentially affected by unknown CVE via ng2-file-upload (=8.0.0)

ng2-file-upload NPM version =8.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ng2-file-upload and may be impacted: - @bnsights-test/test-admin-portal =0.0.57, =1.0.0, =1.0.194-beta.19-1, =49.0.0, =12.0.0, =1.4.0-A19, =14.1.0, =14.3.0 Source cves:...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/15 1:24 p.m.7 views

@bnsights/bbsf-admin-portal (>=1.1.66 <=1.1.93-beta.5), @bnsights/bbsf-controls (>=1.0.170 <=1.0.194-beta.10) +3 more potentially affected by unknown CVE via ng2-file-upload (=7.0.1)

ng2-file-upload NPM version =7.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on ng2-file-upload and may be impacted: - @bnsights/bbsf-admin-portal =1.1.66, =1.0.170, =1.0.194-beta.10 - @ux-aspects/ux-aspects-docs =11.0.0 - angular-mvp =1.3.16-A18 -...

5.8AI score
Exploits0
Snyk
Snyk
added 2025/09/15 1:24 p.m.6 views

Embedded Malicious Code

Overview ng2-file-upload is an Angular file uploader Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a postinstall script called bundle.js that exfiltrates secrets from the affected user's accounts. These versions have been...

9.8CVSS7AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/09/15 1:24 p.m.7 views

@ottimis/angular-utils (>=1.3.36 <=5.6.1), @solidpepper/solidpepper-modal-media-selection (>=1.0.2 <=1.0.5) +3 more potentially affected by unknown CVE via ng2-file-upload (=9.0.0)

ng2-file-upload NPM version =9.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ng2-file-upload and may be impacted: - @ottimis/angular-utils =1.3.36, =1.0.2, =1.4.1-A20, =0.1.4, =0.1.31 Source cves: unknown CVE Source advisory:...

5.8AI score
Exploits0
OSV
OSV
added 2025/09/15 1:17 p.m.2 views

MAL-2025-47196 Malicious code in ng2-file-upload (npm)

The package ng2-file-upload was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in...

6.7AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/15 1:17 p.m.7 views

Malicious code in ng2-file-upload (npm)

The package ng2-file-upload was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in...

6.7AI score
Exploits0References7
Rows per page
Query Builder