Status
Justification
Impact
The vulnerable code was a package hosted by NPM that contained an install script leading to malicious malware. Chainguard does not source the twentytwentyone template from this now removed NPM source and pulls directly from the wordpress git repo. Chainguard's twentytwentyone package.json has been checked and verifed to not include install scripts that pull from a remote source.
Status