GHSA-vv52-3mrp-455m

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Malicious Package in m-backdoor

All versions of m-backdoor contain malicious code. The package downloads a file from a remote server and executes it as a preinstall script. At the time of the release of this advisory the downloaded file only defaces websites by removing elements randomly from the DOM.

Recommendation

Remove the package from your system.

Ссылки

https://www.npmjs.com/advisories/1513

Пакеты

Наименование

m-backdoor

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

Дефекты

CWE-506

Дефекты

CWE-506