nodefabric is malware

🗓️ 23 Jul 2018 20:58:49Reported by GitHub Advisory DatabaseType

Nodefabric malware steals and sends environment variables to attackers. All versions unpublished from npm registry.

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2017-16054	4 Jun 201819:29	–	cve
Cvelist	CVE-2017-16054	4 Jun 201819:00	–	cvelist
Veracode	Malicious Module	5 Jun 201807:38	–	veracode
OSV	nodefabric is malware	23 Jul 201820:49	–	osv
Prion	Code injection	4 Jun 201819:29	–	prion
Node.js	Hijacked Environment Variables	8 Aug 201721:31	–	nodejs
NVD	CVE-2017-16054	4 Jun 201819:29	–	nvd
OpenVAS	Malicious JavaScript Package Detection	12 Jun 201800:00	–	openvas

Vulners

Node

nodefabric_project nodefabricRange≤1.0.2

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-16054
github	www.github.com/advisories/GHSA-8qp3-pvwc-2g4p
npmjs	www.npmjs.com/advisories/488

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Jul 2018 20:49Current

7.3High risk

Vulners AI Score7.3

CVSS25

CVSS37.5

EPSS0.0014

CWE-506