Yes I re-read the cve, I thought it was an issue with an npm package with a cryptominer
Comment on Umami is compromised - upgrade immediately
GraveyardOrbit@lemmy.zip 3 weeks ago[deleted]
GottaHaveFaith@fedia.io 3 weeks ago
frongt@lemmy.zip 3 weeks ago
Unless it was the software package itself that was compromised.
EncryptKeeper@lemmy.world 3 weeks ago
It was not
EncryptKeeper@lemmy.world 3 weeks ago
Yeah but Umami is an analytics engine power by client side tracking. If it was behind a VPN it would be useless.