ID GHSA-WQGQ-MFVJ-6QXP
Type github
Reporter GitHub Advisory Database
Modified 2021-09-30T20:19:48
Description
This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server.
Recommendation
Remove the package from your environment. There are no indications of further compromise.
{"id": "GHSA-WQGQ-MFVJ-6QXP", "vendorId": null, "type": "github", "bulletinFamily": "software", "title": "Malicious Package in koa-body-parse", "description": "This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server.\n\n\n## Recommendation\n\nRemove the package from your environment. There are no indications of further compromise.", "published": "2020-09-03T19:49:03", "modified": "2021-09-30T20:19:48", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://github.com/advisories/GHSA-wqgq-mfvj-6qxp", "reporter": "GitHub Advisory Database", "references": ["https://www.npmjs.com/advisories/1131", "https://github.com/advisories/GHSA-wqgq-mfvj-6qxp"], "cvelist": [], "immutableFields": [], "lastseen": "2022-04-30T13:47:17", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "nodejs", "idList": ["NODEJS:1131"]}, {"type": "osv", "idList": ["OSV:GHSA-WQGQ-MFVJ-6QXP"]}], "rev": 4}, "score": {"value": 1.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "kitploit", "idList": ["KITPLOIT:116690769744039319"]}, {"type": "threatpost", "idList": ["THREATPOST:99DC4B497599503D640FDFD9A2DC5FA3"]}]}, "exploitation": null, "vulnersScore": 1.5}, "_state": {"dependencies": 0}, "_internal": {}, "affectedSoftware": [{"version": "0.0.0", "operator": "ge", "ecosystem": "NPM", "name": "koa-body-parse"}]}
{}
