Malicious Package in eslint-scope

🗓️ 12 Jul 2018 19:02:52Reported by GitHub Advisory DatabaseType

Malicious code in eslint-scope 3.7.2, reads .npmrc file, sends authentication tokens to remote server

Vulners

Node

eslint\-scope

eslint\-config\-eslint

Source	Link
github	www.github.com/eslint/eslint-scope/issues/39
eslint	www.eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes
github	www.github.com/advisories/GHSA-hxxf-q3w9-4xgw
npmjs	www.npmjs.com/advisories/673
snyk	www.snyk.io/vuln/SNYK-JS-ESLINTSCOPE-11120

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Jul 2018 19:52Current

2.3Low risk

Vulners AI Score2.3

CWE-506