Malicious npm packages detected across Red Hat Cloud Services
Malicious npm packages detected across Red Hat Cloud Services
Red Hat Cloud Services 中检测到恶意 npm 软件包
[SECURITY]: Malicious npm releases detected across @redhat-cloud-services/ scope.
[安全警告]:在 @redhat-cloud-services/ 作用域下检测到恶意 npm 发布版本。
Ref: https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised https://app.stepsecurity.io/oss-security-feed?q=@redhat-cloud-services
参考链接: https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised https://app.stepsecurity.io/oss-security-feed?q=@redhat-cloud-services
Affected Packages (updated)
受影响的软件包(已更新)
| Package | Compromised Versions |
|---|---|
| 软件包 | 受感染版本 |
| @redhat-cloud-services/chrome | 2.3.1, 2.3.2, 2.3.4 |
| @redhat-cloud-services/compliance-client | 4.0.3, 4.0.4, 4.0.6 |
| @redhat-cloud-services/config-manager-client | 5.0.4, 5.0.5, 5.0.7 |
| @redhat-cloud-services/entitlements-client | 4.0.11, 4.0.12, 4.0.14 |
| @redhat-cloud-services/eslint-config-redhat-cloud-services | 3.2.1, 3.2.2, 3.2.4 |
| @redhat-cloud-services/frontend-components | 7.7.2, 7.7.3, 7.7.5 |
| @redhat-cloud-services/frontend-components-advisor-components | 3.8.2, 3.8.4, 3.8.6 |
| @redhat-cloud-services/frontend-components-config | 6.11.3, 6.11.4, 6.11.6 |
| @redhat-cloud-services/frontend-components-config-utilities | 4.11.2, 4.11.3, 4.11.5 |
| @redhat-cloud-services/frontend-components-notifications | 6.9.2, 6.9.3, 6.9.5 |
| @redhat-cloud-services/frontend-components-remediations | 4.9.2, 4.9.3, 4.9.5 |
| @redhat-cloud-services/frontend-components-testing | 1.2.1, 1.2.2, 1.2.4 |
| @redhat-cloud-services/frontend-components-translations | 4.4.1, 4.4.2, 4.4.4 |
| @redhat-cloud-services/frontend-components-utilities | 7.4.1, 7.4.2, 7.4.4 |
| @redhat-cloud-services/hcc-feo-mcp | 0.3.1, 0.3.2, 0.3.4 |
| @redhat-cloud-services/hcc-kessel-mcp | 0.3.1, 0.3.2, 0.3.4 |
| @redhat-cloud-services/hcc-pf-mcp | 0.6.1, 0.6.2, 0.6.4 |
| @redhat-cloud-services/host-inventory-client | 5.0.3, 5.0.4, 5.0.6 |
| @redhat-cloud-services/insights-client | 4.0.4, 4.0.5, 4.0.7 |
| @redhat-cloud-services/integrations-client | 6.0.4, 6.0.5, 6.0.7 |
| @redhat-cloud-services/javascript-clients-shared | 2.0.8, 2.0.9, 2.0.11 |
| @redhat-cloud-services/notifications-client | 6.1.4, 6.1.5, 6.1.7 |
| @redhat-cloud-services/patch-client | 4.0.4, 4.0.5, 4.0.7 |
| @redhat-cloud-services/quickstarts-client | 4.0.11, 4.0.12, 4.0.14 |
| @redhat-cloud-services/rbac-client | 9.0.3, 9.0.4, 9.0.6 |
| @redhat-cloud-services/remediations-client | 4.0.4, 4.0.5, 4.0.7 |
| @redhat-cloud-services/rule-components | 4.7.2, 4.7.3, 4.7.5 |
| @redhat-cloud-services/sources-client | 3.0.10, 3.0.11, 3.0.13 |
| @redhat-cloud-services/topological-inventory-client | 3.0.10, 3.0.11, 3.0.13 |
| @redhat-cloud-services/tsc-transform-imports | 1.2.2, 1.2.4, 1.2.6 |
| @redhat-cloud-services/types | 3.6.1, 3.6.2, 3.6.4 |
| @redhat-cloud-services/vulnerabilities-client | 2.1.9, 2.1.11 |