CNNVD-202507-2520 Information

CNNVD ID

CNNVD-202507-2520

CVE-2025-54313

  • CNNVD Published: 2025-07-19

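Description (translated from Chinese)

eslint-config-prettier is an open-source application from Prettier. Versions 8.10.1, 9.1.1, 10.1.6 and 10.1.7 of eslint-config-prettier contain a security vulnerability that stems from embedded malicious code and may lead to supply chain attacks.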

Description (English)

eslint-config-prettier is an open-source application from Prettier. A security vulnerability exists in eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6 and 10.1.7. It stems from embedded malicious code and could lead to supply chain attacks.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Prettier

Published

2025-07-19

Last Modified

2026-02-24

References

  • https://github.com/prettier/eslint-config-prettier/issues/339
  • https://news.ycombinator.com/item?id=44608811
  • https://news.ycombinator.com/item?id=44609732
  • https://socket.dev/blog/npm-phishing-campaign-leads-to-prettier-tooling-packages-compromise
  • https://www.bleepingcomputer.com/news/security/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/
  • https://www.npmjs.com/package/eslint-config-prettier?activeTab=versions
  • https://www.stepsecurity.io/blog/supply-chain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise
  • https://access.redhat.com/security/cve/cve-2025-54313

Patch

https://www.npmjs.com/package/eslint-config-prettier?activeTab=versions
