Malicious Package Affecting reactjs-slick package, versions *
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-REACTJSSLICK-3263694
- published 1 Feb 2023
- disclosed 1 Feb 2023
- credit Sonatype Research Team
How to fix?
Avoid using all malicious instances of the reactjs-slick
package.
Overview
reactjs-slick is a malicious package. This is a "dependency confusion" package, which means the package name is based on existing repositories, namespaces, or components. It aims to trick users into downloading the package which contains malicious code.
References
CVSS Scores
version 3.1