GHSA-c4hh-fg8x-6h9p

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Malicious Package in buffer-xnr

Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.

Recommendation

Remove the package from your environment. Ensure no Ethereum funds were compromised.

Ссылки

https://www.npmjs.com/advisories/1247

Пакеты

Наименование

buffer-xnr

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

9.8 Critical

CVSS3

Дефекты

CWE-506

9.8 Critical

CVSS3

Дефекты

CWE-506