You must log in or register to comment.
on first glance it seems like the affected packages are not something someone outside of redhat would use, so i guess the fallout of this will be more interesting than the infected packages themselfs.
I can’t decide if this is real or an advertisement for the linked article service. I don’t see any CVE in the article which seems to be a good indication of the quality of the content.
I’m not saying that this is misinformation, but I’m extremely sceptical about the nature of this article.
It’s both real and an ad, which is why it’s effective.
Here’s a more technical breakdown from jfrog.
