This topic created in 335 days ago, the information mentioned may be changed or developed.
用于托管 React 和 React Native 组件库的 Gluestack 日前出现多个恶意软件包,这些恶意软件包被感染远程访问木马 (RAT),这些软件包会执行恶意 Python 和 pip 命令以实现更多目的。
Gluestack 上至少有 17 个已经被感染的软件包,这些软件包的周下载量高达 100 万次,即,典型的供应链攻击。
- @react-native-aria/button
- @react-native-aria/checkbox
- @react-native-aria/combobox
- @react-native-aria/disclosure
- @react-native-aria/focus
- @react-native-aria/interactions
- @react-native-aria/listbox
- @react-native-aria/menu
- @react-native-aria/overlays
- @react-native-aria/radio
- @react-native-aria/switch
- @react-native-aria/toggle
- @react-native-aria/utils
- @gluestack-ui/utils
- @react-native-aria/separator
- @react-native-aria/slider
- @react-native-aria/tabs
消息来源: https://www.landiannews.com/archives/109286.html https://www.aikido.dev/blog/supply-chain-attack-on-react-native-aria-ecosystem
 |
1
wyntalgeer Jun 11, 2025
天塌了,这几天怎么了? Tell me, Why Baby Why?
|
Select Language