GMS-2020-174: Malicious Package

September 3, 2020 (updated September 29, 2021)

contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Remove the package from your environment. Ensure no Ethereum funds were compromised.

References

github.com/advisories/GHSA-wv39-cgmm-cq29
www.npmjs.com/advisories/1261

Detect and mitigate GMS-2020-174 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →