Malicious code in pearpass-lib-vault-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ea7f0d3f5aeb68d46d1b2937e4f8ae385bbf4259cc518a7a27c72cc0068610f The package pearpass-lib-vault-core was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1239 Malicious code in pearpass-lib-vault-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ea7f0d3f5aeb68d46d1b2937e4f8ae385bbf4259cc518a7a27c72cc0068610f The package pearpass-lib-vault-core was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview pearpass-lib-vault-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Insecure Session Management

spring-vault-core is vulnerable to Insecure Session Management. The vulnerability exists because the library does not properly hide sensitive information from logs after a revocation failure, which allows an attacker to insert sensitive information into a log file when it attempts to revoke a Vau...

org.apache.camel.quarkus:camel-quarkus-hashicorp-vault (=3.0.0-M1), org.apache.camel.quarkus:camel-quarkus-hashicorp-vault-deployment (=3.0.0-M1) +11 more potentially affected by CVE-2023-20859 via org.springframework.vault:spring-vault-core (=3.0.0)

org.springframework.vault:spring-vault-core MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.vault:spring-vault-core and may be impacted: - org.apache.camel.quarkus:camel-quarkus-hashicorp-vault =3.0.0-M1 -...

com.bpfaas:bps-config-server-spring-cloud-starter (>=0.0.1-RELEASE <=3.2.2), com.github.paulcwarren:spring-content-encryption (>=2.7.0 <=2.9.0) +138 more potentially affected by CVE-2023-20859 via org.springframework.vault:spring-vault-core (>=1.0.0.RELEASE <=2.3.2)

org.springframework.vault:spring-vault-core MAVEN version =1.0.0.RELEASE, =0.0.1-RELEASE, =2.7.0, =0.8, =0.8, =0.8, =0.8, =2.4.0, =0.9.1, =0.9.12, =0.10.2, =1.1.6, =1.2.16 and more Source cves: CVE-2023-20859 Source advisory: OSV:GHSA-R47R-87P9-8JH3...