GitHub 上的恶意软件攻击

MarcP · 2022 年8 月 3 日 09:46

Sharing this here to get awareness for devs because Discourse might be using one of the infected repo’s…

Mr.X_Mr.X · 2022 年8 月 3 日 10:23

The infected repos are clones of the originals, the originals are OK.

david · 2022 年8 月 3 日 10:33

We’re not aware of any impact to Discourse or our dependencies.

As @Mr.X_Mr.X mentioned, the tweet author has admitted that the findings were limited to forks/clones, rather than the true versions of dependencies:

MarcP · 2022 年8 月 3 日 10:38

Ah that is good to know. Better safe then sorry, haha. Felt this was a place where devs at least should be aware of the malware.

miss · 2022 年8 月 3 日 11:15

Welcome to internet!

话题		回复	浏览量
Vulnerabilities in the official Docker image Dev	1	791	2023 年5 月 19 日
Discourse updates - Microsoft Defender reports detection of Wacatac malware Support	7	128	2025 年2 月 4 日
Third-party plugin repository hijacked Support	16	505	2025 年8 月 19 日
Sucuri reports a malware infection? Support	6	2390	2024 年6 月 8 日
Npm packages name and version reported in vulnerability Support	5	133	2024 年12 月 13 日