Описание
Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.
Ссылки
EPSS
Процентиль: 27%
0.00095
Низкий
9.6 Critical
CVSS3
Дефекты
CWE-506
Связанные уязвимости
CVSS3: 9.6
redhat
5 месяцев назад
Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.
EPSS
Процентиль: 27%
0.00095
Низкий
9.6 Critical
CVSS3
Дефекты
CWE-506