NPM packages coa and rc Compromised
WSO2 impacted: No
Evidence of compromise: No
Customer actions required: No
Impact on WSO2 Products and Deployments
Detailed analysis has confirmed that WSO2 products and services are not using the vulnerable versions of coa and rc.
WSO2 and WSO2 customers are therefore not impacted by the said vulnerability.
Security Controls against supply chain attacks
- All PRs will be reviewed and merged. During this process, any sensitive data found in the PRs will be removed.
- All packages/artifacts will undergo both static and dynamic application testing phases prior to production releases.