4777 matches found
CVE-2017-16070
nodecaffe is a malware package published to hijack environment variables and exfiltrate them to attacker-controlled locations. The npm-hosted module has been unpublished across all versions. Affected context from the provided documents shows malware behavior and cleanup guidance: remove the packa...
CVE-2017-16081
cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16069
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16072
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16068
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16064
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16056
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16059
CVE-2017-16059 relates to the npm package mssql-node , identified as malware that steals environment variables and exfiltrates them to attacker-controlled locations. The linked advisories corroborate that all versions were unpublished from npm. The vulnerability’s concrete details in connected do...
CVE-2017-16063
The CVE-2017-16063 issue corresponds to the node-opensl malware. The affected component is the node-opensl package, which was published to hijack environment variables and exfiltrate them to attacker-controlled locations. All versions have been unpublished from the npm registry. The primary root ...
CVE-2017-16078
CVE-2017-16078 concerns the npm package shadow sock—described in connected advisories as a malware that steals environment variables and exfiltrates to attacker-controlled endpoints. The npm advisory and GitHub/OSV entries confirm it has been unpublished from the npm registry; all versions are re...
CVE-2017-16074
The CVE-2017-16074 entry concerns the npm package crossenv, which is described in connected documents as malware that hijacks environment variables and exfiltrates them to attacker-controlled locations. All versions have been unpublished from npm. Public advisories (GitHub GHSA and npm advisory) ...
CVE-2017-16078
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16065
CVE-2017-16065 corresponds to the npm malware incident involving the package named openssl.js, which was published to hijack environment variables and exfiltrate them to attacker-controlled locations. The linked records confirm that the package has been unpublished from the npm registry and that ...
CVE-2017-16080
nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16057
The CVE-2017-16057 entry concerns the nodemssql npm package, which is documented as malware that steals environment variables and exfiltrates them to attacker-controlled locations. All versions have been unpublished from the npm registry. Impact described in linked advisories includes credential ...
CVE-2017-16056
CVE-2017-16056 refers to the npm package mssql.js , reported as a malicious module designed to hijack environment variables. The available connected sources confirm that this package steals credentials from environment variables and exfiltrates them to attacker-controlled locations, and that all ...
CVE-2017-16079
smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16069
The CVE-2017-16069 case concerns the nodeffmpeg package, identified as malware that hijacks and exfiltrates environment variables. Several sources (npm advisory, GitHub advisory, OSV) confirm that nodeffmpeg was published as malicious, with all versions unpublished from the npm registry, and that...
CVE-2017-16065
openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16071
CVE-2017-16071 concerns the npm package nodemailer-js , described as malware that hijacks environment variables and exfiltrates them to attacker-controlled locations. All versions were unpublished from the npm registry. Connected advisories corroborate malware behavior and provide remediation gui...