CNNVD-202509-1130 Information

CNNVD ID

CNNVD-202509-1130

CVE-2025-59038

  • CNNVD Published: 2025-09-09

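Description (translated from Chinese)

Prebid.js is open-source software from Prebid for setting up and managing header bidding advertising partnerships. Prebid.js version 10.9.2 contains a security vulnerability that stems from malicious code having been planted in the npm package, which may redirect cryptocurrency transactions.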

Description (English)

Prebid.js is Prebid's open-source software for setting up and managing header bidding advertising partnerships. Version 10.9.2 of Prebid.js has a security vulnerability: malicious code was implanted in the npm package, which could lead to redirected cryptocurrency transactions.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

pretalx

Published

2025-09-09

Last Modified

2026-02-24

References

  • https://github.com/prebid/Prebid.js/security/advisories/GHSA-jwq7-6j4r-2f92
  • https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack
  • https://access.redhat.com/security/cve/cve-2025-59038

Patch

https://docs.prebid.org/download.html
