Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Axios npm Supply Chain Incident Impacting @usebruno/cli
Vulnerability Description
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran npm install between 00:21 UTC and ~03:30 UTC on March 31, 2026 may have been impacted. Upgrade to 3.2.1
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
下载代码缺少完整性检查
Vulnerability Title
Bruno 安全漏洞
Vulnerability Description
Bruno是usebruno开源的一个用于探索和测试 Api 的开源 IDE。 Bruno 3.2.1之前版本存在安全漏洞,该漏洞源于供应链攻击,涉及被篡改的axios npm包,可能部署跨平台远程访问木马。
CVSS Information
N/A
Vulnerability Type
N/A