ID GHSA-JH67-3WQW-CVHR Type github Reporter GitHub Advisory Database Modified 2021-10-01T14:35:03
Description
Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.
Recommendation
Remove the package from your environment. Ensure no Ethereum funds were compromised.
{"id": "GHSA-JH67-3WQW-CVHR", "vendorId": null, "type": "github", "bulletinFamily": "software", "title": "Malicious Package in js-sxa3", "description": "Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.\n\n\n## Recommendation\n\nRemove the package from your environment. Ensure no Ethereum funds were compromised.", "published": "2020-09-03T23:13:52", "modified": "2021-10-01T14:35:03", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://github.com/advisories/GHSA-jh67-3wqw-cvhr", "reporter": "GitHub Advisory Database", "references": ["https://www.npmjs.com/advisories/1293", "https://github.com/advisories/GHSA-jh67-3wqw-cvhr"], "cvelist": [], "immutableFields": [], "lastseen": "2022-04-30T13:47:16", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "nodejs", "idList": ["NODEJS:1293"]}, {"type": "osv", "idList": ["OSV:GHSA-JH67-3WQW-CVHR"]}], "rev": 4}, "score": {"value": 3.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "kitploit", "idList": ["KITPLOIT:3449843613571411531"]}]}, "exploitation": null, "vulnersScore": 3.6}, "_state": {"dependencies": 0}, "_internal": {}, "affectedSoftware": [{"version": "0.0.0", "operator": "ge", "ecosystem": "NPM", "name": "js-sxa3"}]}
