Malicious Package in evil-package

2020-09-03T20:29:58
ID GHSA-P62R-JF56-H429
Type github
Reporter GitHub Advisory Database
Modified 2020-09-03T20:29:58

Description

All versions of evil-package contain malicious code. The package uploads the contents of process.env to example.com/log.

Recommendation

Remove the package from your environment. Given the host where the information was uploaded to there is no further indication of compromise.