Описание
Malicious Package in commmander
All versions of commmander contain malicious code . The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. Upon require the package attempts to start a cryptocurrency miner using coin-hive.
Recommendation
Remove the package from your environment and verify whether your system is running the cryptocurrency miner.
Пакеты
Наименование
commmander
npm
Затронутые версииВерсия исправления
Отсутствует
9.8 Critical
CVSS3
Дефекты
CWE-506
9.8 Critical
CVSS3
Дефекты
CWE-506