News and Notes from the Makers of Nexus | Sonatype Blog

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand it's impact, potential risks

3 minute read time

In this month's Nexus Intelligence Insights, we're covering CVE-2018-16487: remote code execution and 'prototype' pollution in Lodash and how to protect.

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

Nexus Intelligence Insights: CVE-2018-16487 Lodash RCE + 'prototype' pollution

Secure your software supply chain

Subscribe for all the latest software security news and events