{"data":{"id":"61b14efe-d9c0-47e8-80d8-fb508a2ea4b0","title":"GHSA-3hfp-gqgh-xc5g: Axios supply chain attack - dependency in @lightdash/cli may resolve to compromised axios versions","summary":"A supply chain attack compromised the axios npm package (versions 1.14.1 and 0.30.4) by injecting a malicious dependency that installs a RAT (remote access trojan, malware giving attackers shell access and command execution). The @lightdash/cli package could resolve to these compromised axios versions during installation, potentially affecting users who installed @lightdash/cli versions 0.1800.0 through 0.2695.0 without a lockfile (a file that pins exact dependency versions) during the roughly 3-hour window the malicious versions were available on npm.","solution":"Upgrade @lightdash/cli immediately to version 0.2695.1, which pins axios to the safe version 1.14.0, using: `npm install -g @lightdash/cli@0.2695.1`. If unable to upgrade immediately, force install the safe axios version with `npm install -g axios@1.14.0 --force`. For Docker images or lockfile-based setups, verify axios is not version 1.14.1 or 0.30.4 by running `npm ls axios`. Additionally, block network traffic to the attacker's command-and-control servers (`sfrclak[.]com` and `142.11.206.73:8000`) at the network level. If compromise is suspected, check for RAT artifacts (macOS: `/Library/Caches/com.apple.act.mond`, Windows: `%PROGRAMDATA%\\wt.exe`, Linux: `/tmp/ld.py`), and if found, rotate all credentials and secrets.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-3hfp-gqgh-xc5g","publishedAt":"2026-04-02T18:36:10.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["@lightdash/cli@>= 0.1800.0, < 0.2695.1 (fixed: 0.2695.1)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Lightdash","axios"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-04-02T18:36:10.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}