GHSA-73hr-6785-f5p8

Опубликовано: 02 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Malicious Package in donotinstallthis

The package donotinstallthis contained malicious code. The package contained a script that was run as part of the install script. The script contacted a remote service tracking how many installations were done. There is no further compromise.

Recommendation

Remove the package from your environment.

Ссылки

https://www.npmjs.com/advisories/887

Пакеты

Наименование

donotinstallthis

npm

Затронутые версииВерсия исправления

Отсутствует

9.8 Critical

CVSS3

Дефекты

CWE-506

9.8 Critical

CVSS3

Дефекты

CWE-506