Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js
Original release date: October 22, 2021
Versions of a popular NPM package named ua-parser-js
was found to contain malicious software. ua-parser-js
is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a remote attacker to obtain sensitive information or take control of the system.
CISA urges users and administers using compromised ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0 to update to the respective patched versions: 0.7.30, 0.8.1, 1.0.1
For more information, see Embedded malware in ua-parser-js.
This product is provided subject to this Notification and this Privacy & Use policy.
Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js