Snyk has reported that there have been attempts or successful attacks targeting this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsAvoid using all malicious instances of the onering package.
Affected versions of this package are vulnerable to Embedded Malicious Code that exfiltrates both metadata and code from the project. An attacker can gain unauthorized access to sensitive project information by leveraging the compromised package.