Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2022-0115
Date: April 16, 2022
The package 'ethers.js' in NPM is brand-jacking a popular legit package and is malicious. The package was uploaded first time in April 16th 2022. Only one version number 19.0.5 was uploaded and is malicious. The malicious package is brand-jacking a very popular crypto package 'ethers' which has 700K weekly downloads! https://www.npmjs.com/package/ethers The author of the original package 'ethers' confirmed the brandjacking.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Embedded Malicious Code
CWE-506CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | CHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |