#Malware Discovered in Popular #NPM Package, ua-parser-js

Read Time41 Second

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

10/22/2021 09:57 PM EDT

 

Original release date: October 22, 2021
Versions of a popular NPM package named ua-parser-js was found to contain malicious softwareua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a remote attacker to obtain sensitive information or take control of the system.

CISA urges users and administers using compromised ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0 to update to the respective patched versions: 0.7.30, 0.8.1, 1.0.1

For more information, see Embedded malware in ua-parser-js.

About Post Author

Robert Williams

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: