Lucene search

pandora-doomsday is malware

🗓️ 01 Sep 2020 18:40:56Reported by GitHub Advisory DatabaseType

The 'pandora-doomsday' malware adds itself to the package.json file of other packages and attempts to publish itself. It has been removed from the npm registry

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Veracode	Malicious Module	1 Nov 201706:53	–	veracode
OSV	pandora-doomsday is malware	1 Sep 202018:56	–	osv
Prion	Code injection	7 Jun 201802:29	–	prion
CVE	CVE-2017-16127	7 Jun 201802:29	–	cve
NVD	CVE-2017-16127	7 Jun 201802:29	–	nvd
Node.js	Infecting Module	7 Aug 201718:41	–	nodejs
Cvelist	CVE-2017-16127	7 Jun 201802:00	–	cvelist

Vulners

Node

pandora-doomsday_project pandora-doomsdayRange0.0.0≥

Source	Link
npmjs	www.npmjs.com/advisories/482
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-16127
github	www.github.com/advisories/GHSA-428f-mh7w-6w2x

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Sep 2020 18:56Current

9.1High risk

Vulners AI Score9.1

CVSS210

CVSS39.8

EPSS0.00337

CWE-509