56 matches found
Malicious code in rs-biginteger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796cb1ee4c8398963dcc192d2fc9b425866f40f7a99b467cba1d160234508617 Package presents itself as a big-integer arithmetic library and ships the verbatim big.js v7.0.1 source plus its README. Injected between the P.minus...
MAL-2026-6675 Malicious code in rs-biginteger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796cb1ee4c8398963dcc192d2fc9b425866f40f7a99b467cba1d160234508617 Package presents itself as a big-integer arithmetic library and ships the verbatim big.js v7.0.1 source plus its README. Injected between the P.minus...
MAL-2026-6316 Malicious code in ts-biginteger-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8059a1d2db2edb7231b017023f82f6a651585c0ee7120aaebe882cb6407b9e3 Package is published as 'ts-biginteger-lib' but its metadata, README, and source are a wholesale copy of big.js by MikeMcl author set to 'Michael...
node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()
A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service DoS. When the BigInteger.modInverse function is called with a zero value, it ente...
node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()
A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service DoS. When the BigInteger.modInverse function is called with a zero value, it ente...
cjs-biginteger (=5.0.5) potentially affected by unknown CVE via ts-lint-builds (=1.0.5)
ts-lint-builds NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on ts-lint-builds and may be impacted: - cjs-biginteger =5.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2883...
Malicious code in cjs-biginteger (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad18a38aa59b5edbd05dbdf229f4d013446f970fe18b41e54ffc1c24a926d2bd The package cjs-biginteger was found to contain malicious...
MAL-2026-2882 Malicious code in cjs-biginteger (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad18a38aa59b5edbd05dbdf229f4d013446f970fe18b41e54ffc1c24a926d2bd The package cjs-biginteger was found to contain malicious...
bjs-biginteger (=5.0.5) potentially affected by unknown CVE via bjs-lint-builders (=1.1.0)
bjs-lint-builders NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on bjs-lint-builders and may be impacted: - bjs-biginteger =5.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2881...
bjs-biginteger (=5.0.6) potentially affected by unknown CVE via bjs-lint-builder (=1.0.5)
bjs-lint-builder NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on bjs-lint-builder and may be impacted: - bjs-biginteger =5.0.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2880...
Malicious code in bjs-biginteger (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce3bc89babfc42de2e7df569ebf26d41dcc13469a19895aa4144c2625ddbd87b The package bjs-biginteger was found to contain malicious...
MAL-2026-2879 Malicious code in bjs-biginteger (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce3bc89babfc42de2e7df569ebf26d41dcc13469a19895aa4144c2625ddbd87b The package bjs-biginteger was found to contain malicious...
Malicious code in sjs-biginteger (npm)
sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...
sjs-biginteger (=5.0.6) potentially affected by unknown CVE via sjs-lint-build1 (=1.0.4)
sjs-lint-build1 NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on sjs-lint-build1 and may be impacted: - sjs-biginteger =5.0.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2528...
CVE-2026-33891
A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service DoS. When the BigInteger.modInverse function is called with a zero value, it ente...
UBUNTU-CVE-2026-33891
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
CVE-2026-33891
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...