Malicious Package Affecting ajax-cuuu package, versions *
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-AJAXCUUU-3263691
- published 1 Feb 2023
- disclosed 1 Feb 2023
- credit Sonatype Research Team
How to fix?
Avoid using all malicious instances of the ajax-cuuu
package.
Overview
ajax-cuuu is a malicious package. This is a "dependency confusion" package, which means the package name is based on existing repositories, namespaces, or components. It aims to trick users into downloading the package which contains malicious code.
References
CVSS Scores
version 3.1