Description
NPM users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers’ wallet.
Recommendation
Update the prebid.js package to the latest compatible version. Followings are version details:
- Affected version(s): = 10.9.2
- Patched version(s): 10.10.0
References
Related Issues
- Directory Traversal in node-simple-router - CVE-2017-16083
- csvjson vulnerable to prototype injection - CVE-2025-57318
- devalue prototype pollution vulnerability - CVE-2025-57820
- js-toml Prototype Pollution Vulnerability - CVE-2025-54803
- Tags:
- npm
- prebid.js
Anything's wrong? Let us know Last updated on September 11, 2025