GMS-2020-325: Malicious Package

September 3, 2020 (updated September 30, 2021)

contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Remove the package from your environment. Ensure no Ethereum funds were compromised.

References

github.com/advisories/GHSA-3mhm-jvqj-fvhg
www.npmjs.com/advisories/1290

Code Behaviors & Features

Detect and mitigate GMS-2020-325 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →