There is no fixed version for katello .

yandex-logger-std@0.0.1-security vulnerabilities

security holding package

latest version

0.0.1-security

first published

1 years ago

latest version published

1 years ago

licenses detected

Unknown
>=0

View yandex-logger-std package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the yandex-logger-std package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Malicious Package yandex-logger-std is a malicious package. This is a typo-squatting attack, which means the package name is based on the existing repositories, namespaces, or components. It aims to trick users into downloading a package that contains malicious code. This targets popular Yandex packages and contains malicious code in the preinstall command which allows sending sensitive information about the system and user to a remote server. How to fix Malicious Package? Avoid using all malicious instances of the `yandex-logger-std` package.	*

Malicious Package

yandex-logger-std is a malicious package. This is a typo-squatting attack, which means the package name is based on the existing repositories, namespaces, or components. It aims to trick users into downloading a package that contains malicious code.

This targets popular Yandex packages and contains malicious code in the preinstall command which allows sending sensitive information about the system and user to a remote server.

How to fix Malicious Package?

Avoid using all malicious instances of the yandex-logger-std package.

Go back to all versions of this package