Home > Vulnerability Database > WS-2019-0380

Mend.io Vulnerability Database

WS-2019-0380

Good to know:

Date: October 2, 2019

8.9.4 is a malicious package which runs a dangerous code as a preinstall script and reads the system's SSH keys (but does not upload it to a remote server).

Language: JS

Severity Score

8.6

Related Resources (2)

Url: https://www.npmjs.com/advisories/1201

Url: https://www.mend.io/vulnerability-database/WS-2019-0380

Severity Score

8.6

Weakness Type (CWE)

Code

CWE-17

Top Fix

Upgrade Version

Upgrade to version 8.9.4 - 2.12.4;8.9.4 - 2.12.2;8.9.4 - 2.12.3;8.9.4 - 2.12.5;8.9.4 - 4.4.0;8.9.4 - 4.4.1

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2019-0380

Good to know:

Date: October 2, 2019

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?