This content is viewable by Everyone
Malicious Code Embedded in XZ Utils
Save
Save
CISA and the open-source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. The malicious code may allow unauthorized access to affected systems.
For a complete description of the vulnerabilities and affected systems go to: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094.
IT Security