exploitDog

CVE-2019-19771

Опубликовано: 12 дек. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Низкий

Описание

The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.

Ссылки

https://www.npmjs.com/advisories/1417
Third Party Advisory
https://www.npmjs.com/package/lodahs
Product
https://www.npmjs.com/advisories/1417
Third Party Advisory
https://www.npmjs.com/package/lodahs
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lodahs_project:lodahs:1.0.0:*:*:*:*:node.js:*:*

EPSS

Процентиль: 63%

0.00443

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-hm6q-r2jc-cpqh

CVSS3: 8.8

github

около 6 лет назад

lodahs is malware

EPSS

Процентиль: 63%

0.00443

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

NVD-CWE-noinfo