MAL-2022-157 Malicious code in @bugbounty-automation/deps-json-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cc3cb3b06f569513ecf3acdd6f2dde149853d34f3ea68ada80288bfb074e9b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @bugbounty-automation/deps-json-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cc3cb3b06f569513ecf3acdd6f2dde149853d34f3ea68ada80288bfb074e9b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-160 Malicious code in @bynder-private/persistgraphql-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb7a1f4b894f482ef5d06c40efcd097c36c9c2cb32afc8ff27a71ec7787de6fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @bynder-private/persistgraphql-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb7a1f4b894f482ef5d06c40efcd097c36c9c2cb32afc8ff27a71ec7787de6fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Command Injection

Amendment This was deemed not a vulnerability. Overview git-revision-webpack-plugin is a simple webpack plugin that generates version and commithash files during build based on a local git repository. Affected versions of this package are vulnerable to Command Injection. The function commithash...