NPM packages coa and rc Compromised
WSO2 impacted: No
Evidence of compromise: No
Customer actions required: No
The poisoning of the NPM packages coa and rc was identified as a security breach on November 04, 2021. In addition, the security advisories [1][2] were published on November 04, 2021.
Impact on WSO2 Products and Deployments
A detailed analysis has confirmed that WSO2 products and services are not using the vulnerable versions of coa and rc.
This confirms that neither WSO2 nor WSO2 customers are impacted by the said vulnerability.
Security Controls against supply chain attacks
- All PRs will be reviewed and merged. During this process, any sensitive data found in the PRs will be removed.
- All packages/artifacts will undergo both static and dynamic application testing phases prior to production releases.