7803 matches found
CVE-2017-16045
jquery.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16046
mariadb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16048
node-sqlite was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16050
sqlite.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16051
sqliter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16052
node-fabric was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16049
The CVE-2017-16049 case corresponds to the npm package nodesqlite, described across multiple sources as malware that steals environment variables and exfiltrates them to attacker-controlled locations. The core issue is malicious code published in nodesqlite intended to hijack environment variable...
CVE-2017-16049
nodesqlite was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16053
The CVE-2017-16053 issue involves the npm package fabric-js , published as malware intended to hijack environment variables. Several connected sources (GHSA advisory, npm advisory, and CVE records) confirm that all versions were unpublished from the npm registry and that the malware steals enviro...
CVE-2017-16054
nodefabric was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16044
CVE-2017-16044 corresponds to the npm package d3.js , reported as a malware module that hijacks environment variables and exfiltrates them to attacker-controlled endpoints. The community advisories (GHSA, npm advisory) state that all versions have been unpublished from the npm registry. The root ...
CVE-2017-16054
CVE-2017-16054 corresponds to the npm package nodefabric, which is described in connected advisories as malware that hijacks environment variables. The nodefabric package was published to steal environment variables and exfiltrate them to attacker-controlled locations; all versions have been unpu...
CVE-2017-16048
The CVE-2017-16048 entry covers the node-sqlite package, identified as malware that hijacks environment variables. Connected advisories confirm that the malware steals environment variables and exfiltrates to attacker-controlled locations; all versions were unpublished from npm. Practical impact ...
CVE-2017-16050
The CVE-2017-16050 entry concerns the sqlite.js npm package, a malware payload published to hijack environment variables. Multiple connected records confirm that sqlite.js steals environment variables and exfiltrates them to attacker-controlled locations, and that all versions were unpublished fr...
CVE-2017-16055
CVE-2017-16055 corresponds to the npm package sqlserver, a malware module published to hijack environment variables. Connected sources confirm the malicious behavior (steals env vars and exfiltrates to attacker-controlled locations) and note that all versions have been unpublished from npm. The N...
CVE-2017-16046
CVE-2017-16046 corresponds to a malware incident involving the npm package name mariadb, which hijacked environment variables. The malware was published as a malicious module and all versions were unpublished from npm. Several connected sources indicate the issue affected the mariadb package and ...
CVE-2017-16055
sqlserver was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16052
The CVE-2017-16052 entry concerns the npm package node-fabric, identified in multiple security advisories as malware that steals environment variables. Affected component: the node-fabric package (typo-squatting/malicious behavior) published to npm and later unpublished by npm. Root cause/attack ...
CVE-2017-16051
CVE-2017-16051 corresponds to the npm malware incident around the sqliter package. The sqliter module was published with the intent to hijack environment variables and exfiltrate data, and all versions were subsequently unpublished from npm. Multiple connected sources confirm the package’s malici...
airbrake module information disclosure vulnerability
The airbrake module is an exception report notification program for use in Node.js. A security vulnerability exists in airbrake module version 0.3.8 and earlier, which stems from the program defaulting to sending environment variables with sensitive values over the HTTP protocol. An attacker can...