GHSA-x48m-gp6r-gp4v

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Malicious Package in rate-map

Version 1.0.3 of rate-map contains malicious code. The malware breaks functionality of the purescript-installer package by rewriting code of the dl-tar dependency.

Recommendation

Upgrade to version 1.0.5 or later. There is no indication of further compromise.

Ссылки

https://www.npmjs.com/advisories/1083

Пакеты

Наименование

rate-map

npm

Затронутые версииВерсия исправления

= 1.0.3

1.0.5

9.8 Critical

CVSS3

Дефекты

CWE-506

9.8 Critical

CVSS3

Дефекты

CWE-506