The coa NPM package, with 9 million downloads per week, has been infected with malware.

Attackers managed to gain control of the coa NPM package and published updates 2.0.3, 2.0.4, 2.1.1, 2.1.3 and 3.1.3, which included malicious changes. The coa package, which provides functions for parsing command-line arguments, has about 9 million downloads per week and is used as a dependency by 159 other NPM packages, including react-scripts and vue/cli-service. The NPM administration has already removed the releases with the malicious changes and has blocked the publication of new versions until access to the main developer's repository is restored.

The attack was carried out by hacking the account of the project's developer. The malicious changes that were added are similar to those used in the attack on users of the UAParser.js NPM package two weeks ago, but were limited to attacking only the Windows platform (empty stubs were left in the download blocks for Linux and macOS). An executable file was downloaded from an external host and run on the user's system to mine the Monero cryptocurrency (the XMRig miner was used), and a library for intercepting passwords was installed.

A mistake was made when building the package with the malicious code, which caused installation of the package to fail, so the problem was identified quickly and distribution of the malicious update was blocked at an early stage. Users should make sure that they have coa version 2.0.2 installed, and it is advisable to add a pin to the working version in the package.json of their projects in case of a repeated compromise.

npm and yarn: "resolutions": {"coa": "2.0.2"},
pnpm: "pnpm": {"overrides": {"coa": "2.0.2"}},
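As an added example (not part of the original article), one way to check a project for the releases listed above is a Node.js function that walks a parsed package-lock.json and reports every coa entry resolved to 2.0.3, 2.0.4, 2.1.1, 2.1.3 or 3.1.3, including copies nested under other dependencies. The function name, the sample lockfile and the `example-cli` package are assumptions made for illustration.

```javascript
// Releases the article lists as carrying the malicious changes.
const COMPROMISED_COA = new Set(["2.0.3", "2.0.4", "2.1.1", "2.1.3", "3.1.3"]);

// Walk a parsed package-lock.json and return every coa entry whose
// resolved version is one of the compromised releases.
function findCompromisedCoa(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path,
  // e.g. "node_modules/example-cli/node_modules/coa".
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/coa") && COMPROMISED_COA.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1 (and the compatibility copy in version 2): nested tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      const seen = hits.some((h) => h.path === path);
      if (name === "coa" && COMPROMISED_COA.has(meta.version) && !seen) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample (not from a real project): the top-level coa is the
// known-good 2.0.2, but a hypothetical dependency pulled in its own 2.1.3.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/coa": { version: "2.0.2" },
    "node_modules/example-cli": { version: "1.0.0" },
    "node_modules/example-cli/node_modules/coa": { version: "2.1.3" },
  },
  dependencies: {
    coa: { version: "2.0.2" },
    "example-cli": { version: "1.0.0", dependencies: { coa: { version: "2.1.3" } } },
  },
};

console.log(findCompromisedCoa(sampleLock));
```

To scan a real project, pass the function the result of `JSON.parse` on the project's package-lock.json.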

Source: opennet.ru
