writeups.xyz / NPM might be executing malicious code in your CI without your knowledge

Submitter : c2a

Date: 3 January 2022

Bounty : undisclosed

Vulnerabilities :

RCE

Programs :

GitHub

Authors :

Rotem Bar (@Rotembar)

Link :
https://medium.com/cider-sec/npm-might-be-executing-malicious-code-in-your-ci-without-your-knowledge-e5e45bab2fed