Security Engineering Blog

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

2024-04-02 13:18:00 UTC

A recent analysis has uncovered malicious code inserted into XZ Utils, a popular open-source library for Linux systems that is used in major distributions. The code enables remote code execution and constitutes a significant supply chain compromise. The vulnerability, identified as CVE-2024-3094 with a CVSS score of 10.0, was brought to light by Microsoft engineer and PostgreSQL developer Andres Freund.
