WS-2018-0143
Good to know:
Date: January 13, 2018
"An attacker compromised the npm account of an ESLint maintainer and published malicious packages to the npm registry. On installation, the malicious packages downloaded and executed code from pastebin.com which sent the contents of the user’s .npmrc file to the attacker. An .npmrc file typically contains access tokens for publishing to npm."
Language: JS
Severity Score
Weakness Type (CWE)
Code
CWE-17
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |