GHSA-mfc2-93pr-jf92

Published: 01 Oct 2020
Source: github
GitHub: Reviewed

Description

Malicious code in loadyaml

npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information:

  • IP and IP-based geolocation
  • home directory name
  • local username

The malicious packages have been removed from the npm registry and the leaked content removed from GitHub.
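A defender-side check for the condition described above, as an added example that is not part of the advisory: it audits a parsed package-lock.json for the two named packages and also lists any other locked package that declares an install script. The package names and the loadyaml range come from the advisory; treating every electorn version as affected, the sample lockfile and the name `native-thing` are assumptions made for illustration.

```javascript
// Added example (not from the advisory): audit a parsed package-lock.json object.
const ADVISORY = new Map([
  ["loadyaml", "1.0.2"], // affected: <= 1.0.2 (from the advisory)
  ["electorn", null],    // no range on the page; assumption: every version is affected
]);

// Compare plain x.y.z versions numerically; a pre-release suffix is ignored.
function cmpVersion(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}
function isAffected(name, version) {
  if (!ADVISORY.has(name) || typeof version !== "string") return false;
  const max = ADVISORY.get(name);
  return max === null || cmpVersion(version, max) <= 0;
}

// Handles lockfile v2/v3 ("packages", keyed by install path) and v1 ("dependencies" tree).
function auditLockfile(lock) {
  const findings = [];
  const check = (name, version, where, hasScript) => {
    if (isAffected(name, version)) findings.push({ name, version, where, reason: "advisory" });
    else if (hasScript) findings.push({ name, version, where, reason: "install-script" });
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || meta.link) continue; // skip the root project and symlinked workspaces
    const i = path.lastIndexOf("node_modules/");
    const name = meta.name || (i >= 0 ? path.slice(i + "node_modules/".length) : path);
    check(name, meta.version, path, meta.hasInstallScript === true);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta.version, trail + name, false); // v1 entries carry no script flag
      walk(meta.dependencies, trail + name + " > ");
    }
  };
  if (!lock.packages) walk(lock.dependencies, ""); // v2 mirrors both; avoid duplicates
  return findings;
}

const sampleLock = { lockfileVersion: 3, packages: { // constructed sample
  "": { name: "demo-app", version: "0.1.0" },
  "node_modules/loadyaml": { version: "1.0.2", hasInstallScript: true },
  "node_modules/native-thing": { version: "2.0.0", hasInstallScript: true },
  "node_modules/a/node_modules/electorn": { version: "9.9.9" },
} };
console.log(auditLockfile(sampleLock));
```

An `install-script` finding is a prompt to review what the package runs at install time, not a verdict; installing with npm's `--ignore-scripts` option keeps such scripts from running while the review happens.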

Packages

Name: loadyaml (npm)
Affected versions: <= 1.0.2
Fixed version: None

Weaknesses

CWE-506
