Description
NPM users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers’ wallet.
Recommendation
Update the prebid.js package to the latest compatible version. Followings are version details:
- Affected version(s): = 10.9.2
- Patched version(s): 10.10.0
References
Related Issues
- Angular vulnerable to Cross-site Scripting - CVE-2020-7676
- rollbar vulnerable to prototype pollution - CVE-2025-57325
- csvjson vulnerable to prototype injection - CVE-2025-57318
- devalue prototype pollution vulnerability - CVE-2025-57820
- Tags:
- npm
- prebid.js
Anything's wrong? Let us know Last updated on September 11, 2025