Description
Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware detailed in the blog post below. This includes the extremely popular jsdelivr hosting of this file.
Recommendation
No fix is available yet. Followings are affected versions:
- = 1.17.3
References
Related Issues
- JS Html Sanitizer allows XSS when used with contentEditable - CVE-2025-29771
- Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags - CVE-2021-33295
- Joplin Vulnerable to Cross-site Scripting in Note Content - CVE-2018-1000534
- zcap has incomplete expiration checks in capability chains. - CVE-2024-31995
- Tags:
- npm
- prebid-universal-creative
Anything's wrong? Let us know Last updated on September 11, 2025