GHSA-m9r7-q9fc-qwx5

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Malicious Package in maybemaliciouspackage

All versions of maybemaliciouspackage contain malicious code. The package prints the system's SSH keys to the console as a postinstall script.

Remove the package from your environment. There are no further signs of compromise.

Наименование

maybemaliciouspackage

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

9.8 Critical

CVSS3

CWE-506

9.8 Critical

CVSS3

CWE-506