ID GHSA-R2RG-683G-FF96
Type github
Reporter GitHub Advisory Database
Modified 2020-09-03T19:40:12
Description
This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server.
Recommendation
Remove the package from your environment. There are no indications of further compromise.
{"id": "GHSA-R2RG-683G-FF96", "bulletinFamily": "software", "title": "Malicious Package in axios-http", "description": "This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server.\n\n\n## Recommendation\n\nRemove the package from your environment. There are no indications of further compromise.", "published": "2020-09-03T19:40:12", "modified": "2020-09-03T19:40:12", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://github.com/advisories/GHSA-r2rg-683g-ff96", "reporter": "GitHub Advisory Database", "references": ["https://www.npmjs.com/advisories/1123", "https://github.com/advisories/GHSA-r2rg-683g-ff96"], "cvelist": [], "type": "github", "lastseen": "2020-09-03T23:18:09", "edition": 1, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-R2RG-683G-FF96"]}, {"type": "nodejs", "idList": ["NODEJS:1123"]}], "modified": "2020-09-03T23:18:09", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2020-09-03T23:18:09", "rev": 2}, "vulnersScore": 2.4}, "affectedSoftware": [{"name": "axios-http", "operator": "lt", "version": "0"}]}
{}
