You are here

Malicious Code in NPM Package 'event-stream'

npm, event-stream, malicious code

Malicious code was found in the NPM package 'event-stream' , which is widely used. The code appears to focus on stealing bitcoins.

Airlock Suite (IAM and WAF) is not affected, as the affected version of 'event-stream' is not used.

If you are using 'event-stream' version 3.3.6 in your web application, we recommend to revert to version 3.3.4.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required