POC详情: f4109e320816c55c7d09fbf46a37b51326857911

来源
https://github.com/nihilor/cve-2025-54313
关联漏洞
标题: eslint-config-prettier 安全漏洞 (CVE-2025-54313)
描述:eslint-config-prettier是Prettier开源的一个应用软件。 eslint-config-prettier 8.10.1版本、9.1.1版本、10.1.6版本和10.1.7版本存在安全漏洞,该漏洞源于嵌入恶意代码,可能导致供应链攻击。
描述
Checks projects for compromised packages, suspicious files, and import statements.
介绍
# cve-2025-54313
Checks projects for compromised packages, suspicious files, and import statements, see [is Supply Chain attack](https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack)

## How?

Just execute the script in the terminal/console. Consider to install `maple` first.

```sh
npm install -g maple
chmod +x cve-2025-54313.sh
./cve-2025-54313.sh
```

![](cve-2025-54313.png)

## License

GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007

Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed. See [LICENSE](./LICENSE)
for details.
文件快照

 [4.0K]  /data/pocs/f4109e320816c55c7d09fbf46a37b51326857911
├── [199K]  cve-2025-54313.png
├── [9.2K]  cve-2025-54313.sh
├── [ 34K]  LICENSE
└── [ 700]  README.md

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。