
We found results for “”
MSC-2025-5258
Date: April 22, 2025
This package has been identified by Mend as containing potential malicious functionality. This package was compromised, and this version contains a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets. Please remove the compromised package from your project and replace with either the last safe version, which is 4.2.0, or upgrade to the highest safe version, which is 4.2.5
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Embedded Malicious Code
CWE-506CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | HIGH |