/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-6fj7-2fc2-hgq2

Published

Last updated

https://images.chainguard.dev/security/CGA-6fj7-2fc2-hgq2
Package

wordpress

RepositoryWolfi
Latest Update
Not affected
Aliases
  • GHSA-q87j-q95m-j3x3

Severity

Unknown

References

  • https://github.com/advisories/GHSA-q87j-q95m-j3x3

Updates

Status

Not affected

Justification

Vulnerable code not present

Impact

The vulnerable code was a package hosted by NPM that contained an install script leading to malicious malware. Chainguard does not source the twentytwentyone template from this now removed NPM source and pulls directly from the wordpress git repo. Chainguard's twentytwentyone package.json has been checked and verifed to not include install scripts that pull from a remote source.

Status

Under investigation


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing