Malicious code in coingecko-price (npm)

2023-07-0400:00:00

Google

osv.dev

lazarus group

blockchain

npm packages

supply chains

social engineering

7.2 High

AI Score

Confidence

Low

JSON

-= Per source details. Do not edit below this line.=-

Source: checkmarx (06ba52961b5d886349fdb5a7c3e6362cedaaa64cb5857d5645d7360a68d133d1)

Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering tactics

CPENameOperatorVersion
coingecko-priceeq3.2.13
coingecko-priceeq3.2.12

CPE	Name	Operator	Version
	coingecko-price	eq	3.2.13
	coingecko-price	eq	3.2.12

References

medium.com/checkmarx-security/lazarus-group-launches-first-open-source-supply-chain-attacks-targeting-crypto-sector-cabc626e404e

security.snyk.io/vuln/SNYK-JS-COINGECKOPRICE-5819588

7.2 High

AI Score

Confidence

Low

JSON