All umami instances have been infected with a persisting crypto miner. Umami was affected by the next.js CVE but quietly released a fix, so most of their users missed it
All umami instances have been infected with a persisting crypto miner. Umami was affected by the next.js CVE but quietly released a fix, so most of their users missed it
deleted by creator
Yeah but Umami is an analytics engine powered by client side tracking. If it was behind a VPN it would be useless.
Yes I re-read the cve, I thought it was an issue with an npm package with a cryptominer
Unless it was the software package itself that was compromised.
It was not