ID: GHSA-P62R-JF56-H429
Type: github
Reporter: GitHub Advisory Database
Modified: 2020-09-03T20:29:58
Description
All versions of evil-package contain malicious code. The package uploads the contents of process.env to example.com/log.
Recommendation
Remove the package from your environment. Given the host to which the information was uploaded, there is no further indication of compromise.
{"id": "GHSA-P62R-JF56-H429", "bulletinFamily": "software", "title": "Malicious Package in evil-package", "description": "All versions of `evil-package` contain malicious code. The package uploads the contents of `process.env` to `example.com/log`.\n\n\n## Recommendation\n\nRemove the package from your environment. Given the host where the information was uploaded to there is no further indication of compromise.", "published": "2020-09-03T20:29:58", "modified": "2020-09-03T20:29:58", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://github.com/advisories/GHSA-p62r-jf56-h429", "reporter": "GitHub Advisory Database", "references": ["https://github.com/advisories/GHSA-p62r-jf56-h429", "https://www.npmjs.com/advisories/1162"], "cvelist": [], "type": "github", "lastseen": "2020-09-04T00:10:52", "edition": 1, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-P62R-JF56-H429"]}, {"type": "nodejs", "idList": ["NODEJS:1162"]}], "modified": "2020-09-04T00:10:52", "rev": 2}, "score": {"value": 3.9, "vector": "NONE", "modified": "2020-09-04T00:10:52", "rev": 2}, "vulnersScore": 3.9}, "affectedSoftware": [{"name": "evil-package", "operator": "lt", "version": "0"}]}