Описание
Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.
Ссылки
EPSS
Процентиль: 21%
0.00067
Низкий
9.6 Critical
CVSS3
Дефекты
CWE-506
Связанные уязвимости
CVSS3: 9.6
redhat
3 месяца назад
Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.
EPSS
Процентиль: 21%
0.00067
Низкий
9.6 Critical
CVSS3
Дефекты
CWE-506