ID GHSA-7QG7-6G3G-8VXG Type github Reporter GitHub Advisory Database Modified 2020-09-03T22:46:25
Description
Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.
Recommendation
Remove the package from your environment. Ensure no Ethereum funds were compromised.
{"id": "GHSA-7QG7-6G3G-8VXG", "bulletinFamily": "software", "title": "Malicious Package in bwffer-xor", "description": "Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.\n\n\n## Recommendation\n\nRemove the package from your environment. Ensure no Ethereum funds were compromised.", "published": "2020-09-03T22:46:25", "modified": "2020-09-03T22:46:25", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://github.com/advisories/GHSA-7qg7-6g3g-8vxg", "reporter": "GitHub Advisory Database", "references": ["https://www.npmjs.com/advisories/1269", "https://github.com/advisories/GHSA-7qg7-6g3g-8vxg"], "cvelist": [], "type": "github", "lastseen": "2020-09-04T02:10:54", "edition": 1, "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-7QG7-6G3G-8VXG"]}, {"type": "nodejs", "idList": ["NODEJS:1269"]}], "modified": "2020-09-04T02:10:54", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2020-09-04T02:10:54", "rev": 2}, "vulnersScore": 4.5}, "affectedSoftware": [{"name": "bwffer-xor", "operator": "lt", "version": "0"}]}
