{"id": "GHSA-38VQ-CJH5-VW7X", "bulletinFamily": "software", "title": "Malicious Package in nodes.js", "description": "All versions of `nodes.js ` contain malicious code. The package searches and installs globally thousands of packages based on keywords `node`, `react`, `react-native`, `vue`, `angular` and `babel` to fill the system's memory.\n\n\n## Recommendation\n\nRemove the package from your environment and validate what packages are installed.", "published": "2020-09-03T18:13:41", "modified": "2020-09-03T18:13:41", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://github.com/advisories/GHSA-38vq-cjh5-vw7x", "reporter": "GitHub Advisory Database", "references": ["https://github.com/advisories/GHSA-38vq-cjh5-vw7x", "https://www.npmjs.com/advisories/1074"], "cvelist": [], "type": "github", "lastseen": "2020-09-03T22:10:50", "edition": 1, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-38VQ-CJH5-VW7X"]}, {"type": "nodejs", "idList": ["NODEJS:1074"]}], "modified": "2020-09-03T22:10:50", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2020-09-03T22:10:50", "rev": 2}, "vulnersScore": 4.7}, "affectedSoftware": [{"name": "nodes.js", "operator": "lt", "version": "0"}]}

{}