@agoric/access-token (>=0.4.16-dev-23c942c.0 <=0.4.16-dev.0), @agoric/assert (>=0.1.0 <=0.3.15-dev.2) +79 more potentially affected by unknown CVE via ses (>=0.0.1 <=0.15.24)

ses NPM version =0.0.1, =0.4.16-dev-23c942c.0, =0.1.0, =1.2.0, =1.3.0, =0.1.0, =0.10.8, =0.2.0, =1.5.1, =0.5.6-dev-f662032.0, =0.5.3, =0.1.1, =0.0.9, =0.1.2, =0.3.0, =0.5.30-dev-fe997f2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WHPX-Q3RQ-W8JC...

Malicious Package

Overview agoric-servers is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...

MAL-2022-893 Malicious code in agoric-servers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d3837c0f56cf1938ad8c653e4e703379b0bebba1dc5e86be8214b8f77a85b78d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in agoric-servers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d3837c0f56cf1938ad8c653e4e703379b0bebba1dc5e86be8214b8f77a85b78d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)

realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...

@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23594 via realms-shim (=1.2.2)

realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...

@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23594 via realms-shim (=1.2.2)

realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...

Agoric: Stored XSS in agoric-sdk - malicious iframes, malicious svg

Summary: add summary of the vulnerability Steps To Reproduce: shell git clone https://github.com/Agoric/agoric-sdk.git cd agoric-sdk yarn config set "strict-ssl" false -g yarn config set "registry" "http://registry.npmjs.org/" -g yarn config set "cafile" "/etc/ssl/cert.pem" -g pipenv shell yarn...

Agoric: Dependency on private SSH keys in public github

Summary: As i am searching for the some information i came through one of the https://github.com/Agoric/agoric-sdk/blob/8a8136533220a862bf87d319e821858c8b7ba3b3/vagrant/Dockerfile as i am looking at the content i came through github link for ssh private key...