bootstrap-sass version 3.2.0.3 is a malicious package. It contains a backdoor in lib/active-controller/middleware.rb that passes the value of the malicious ___cfduid cookie to the eval function, allowing arbitrary code execution.
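A defender can check for the affected release with the sketch below, which is an added example and not code from the package or the advisory. It looks for the pinned version in a Gemfile.lock and scans an installed gem tree for the file path and cookie name named above; the sample lockfile and the stand-in file contents are constructed, and the function names are hypothetical.

```ruby
require "tmpdir"
require "fileutils"

BAD_GEM       = "bootstrap-sass"
BAD_VERSION   = "3.2.0.3"                               # from the advisory
BACKDOOR_PATH = "lib/active-controller/middleware.rb"   # from the advisory
COOKIE_NAME   = "___cfduid"                             # from the advisory

# Constructed sample lockfile; resolved specs sit at a four-space indent.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      bootstrap-sass (3.2.0.3)
        sass (~> 3.2)
LOCK

# Versions of gem_name resolved in the lockfile (dependency lines are ignored).
def locked_versions(lock_text, gem_name = BAD_GEM)
  lock_text.scan(/^ {4}#{Regexp.escape(gem_name)} \(([^)]+)\)$/).flatten
end

def lockfile_affected?(lock_text)
  locked_versions(lock_text).include?(BAD_VERSION)
end

# Walk a gem install root and report [indicator, relative_path] pairs.
def scan_gem_dir(root)
  Dir.glob(File.join(root, "**", "*.rb")).sort.flat_map do |path|
    rel  = path.delete_prefix(root + "/")
    src  = File.binread(path)
    hits = []
    hits << [:backdoor_file, rel] if rel.end_with?(BACKDOOR_PATH)
    hits << [:cookie_eval, rel] if src.include?(COOKIE_NAME) && src.match?(/\beval\b/)
    hits
  end
end

# Builds a constructed gem tree (harmless stand-in text, no payload) and scans it.
def demo_scan
  Dir.mktmpdir do |root|
    bad = File.join(root, "bootstrap-sass-3.2.0.3", BACKDOOR_PATH)
    FileUtils.mkdir_p(File.dirname(bad))
    File.write(bad, "# constructed stand-in: cookie #{COOKIE_NAME} value reaches eval\n")
    File.write(File.join(root, "bootstrap-sass-3.2.0.3", "lib", "bootstrap-sass.rb"),
               "module Bootstrap; end\n")
    scan_gem_dir(root)
  end
end

puts "lockfile affected: #{lockfile_affected?(SAMPLE_LOCK)}" if __FILE__ == $PROGRAM_NAME
```

To use it on a real project, pass `File.read("Gemfile.lock")` to `lockfile_affected?` and the gem installation directory to `scan_gem_dir`.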