Описание
Malicious Package in 1337qq-js
All versions of 1337qq-js contain malicious code. The package exfiltrates sensitive information through install scripts. It targets UNIX systems. The information exfiltrated includes:
- Environment variables
- Running processes
- /etc/hosts
- uname -a
- npmrc file
Recommendation
Remove the package from your system and rotate any compromised credentials.
Пакеты
Наименование
1337qq-js
npm
Затронутые версииВерсия исправления
>= 0.0.0
Отсутствует
Дефекты
CWE-506
Дефекты
CWE-506