25 October 2021
Our research team has learned that the ua-parser-js package has been compromised with malicious code by threat actors. The versions affected include:
You can read more of our research in this article.
As of 25 October 2021, a review of dependencies used by active I-SCA customers shows that none of the applications scanned by ShiftLeft CORE are using affected versions of
- Avoid upgrading or rolling back to the affected versions of
- Scan your applications to generate a new SBoM and check for the versions listed above.
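
One way to carry out the version check in the last step directly against an npm lockfile, as an added example (not ShiftLeft's code or part of the original advisory). The function names, the sample lockfiles and the version strings are constructed placeholders; substitute the affected versions from the advisory.

```javascript
// Added example. Lists every resolved copy of a package in an npm lockfile
// and flags the ones whose version is on a caller-supplied affected list.
function findResolvedVersions(lock, name) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages"
  // exists, because v2 lockfiles carry both and would be counted twice).
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${dep}`;
      if (dep === name) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

function findAffected(lock, name, affectedVersions) {
  const bad = new Set(affectedVersions);
  // Lockfiles record exact resolved versions, so an exact match is enough.
  return findResolvedVersions(lock, name).filter((h) => bad.has(h.version));
}

// Placeholder versions: replace with the affected versions from the advisory.
const AFFECTED = ["9.9.1"];

// Constructed lockfiles: a direct unflagged copy plus a transitive flagged copy.
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/ua-parser-js": { version: "9.9.0" },
    "node_modules/some-lib/node_modules/ua-parser-js": { version: "9.9.1" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "some-lib": { version: "1.0.0", dependencies: { "ua-parser-js": { version: "9.9.1" } } },
  },
};

console.log(findAffected(sampleV3, "ua-parser-js", AFFECTED));
console.log(findAffected(sampleV1, "ua-parser-js", AFFECTED));
```

For a real project, pass the parsed contents of `package-lock.json` as `lock`; transitive copies nested under other packages are reported with their full install path.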