Advisory Database
  • Advisories
  • Dependency Scanning
  1. npm
  2. ›
  3. ua-parser-js
  4. ›
  5. GMS-2021-1

GMS-2021-1: Embedded Malicious Code

October 22, 2021

This package was found to contain malicious code.

References

  • github.com/advisories/GHSA-pjwm-rvh2-c87w
  • us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js

Detect and mitigate GMS-2021-1 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

Version 0.7.29, version 0.8.0, version 1.0.0

Fixed versions

  • 0.7.30
  • 0.8.1
  • 1.0.1

Solution

Upgrade to versions 0.7.30, 0.8.1, 1.0.1 or above.

Source file

npm/ua-parser-js/GMS-2021-1.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Sun, 10 Nov 2024 00:15:32 +0000.