@xizhouh/former (>=0.0.1 <=1.1.1), @xizhouh/formless (>=0.0.1 <=0.0.6) +1 more potentially affected by unknown CVE via set-object-path (=2.0.1)

set-object-path NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on set-object-path and may be impacted: - @xizhouh/former =0.0.1, =0.0.1, =0.3.0, =0.3.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-33017...

MAL-2025-33017 Malicious code in set-object-path (npm)

The package set-object-path was found to contain malicious code...

Malicious code in set-object-path (npm)

The package set-object-path was found to contain malicious code...