Patmmccann

Name of the Vulnerable Software and Affected Versions: Prebid.js versions prior to 10.10.0 Prebid.js version 10.9.2 Description: Prebid.js is a free and open source library used by publishers to implement header bidding. NPM users of version 10.9.2 may have been compromised by a malware campaign that attempts to redirect cryptocurrency transactions on the site to the attackers' wallet. Recommendations: Upgrade to Prebid.js version 10.10.0. Downgrade to Prebid.js version 10.9.1.

Name of the Vulnerable Software and Affected Versions: Prebid Universal Creative (PUC) versions 1.17.3 and latest Description: Prebid Universal Creative (PUC) is a JavaScript API used to render multiple formats. Npm users of PUC were briefly affected by crypto-related malware. Recommendations: Transition to PUC version 1.17.2 to avoid similar attacks. See Prebid.js 9 release notes for suggestions on moving off the deprecated workflow of using PUC or pointing to a dynamic version of it.