2 matches found
maltodextrin (=1.0.0), sk-stand (=0.2.12) +2 more potentially affected by CVE-2017-16044 via d3.js (=0.0.2-security)
d3.js NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on d3.js and may be impacted: - maltodextrin =1.0.0 - sk-stand =0.2.12 - smart-cloud-platform =1.0.0, =0.0.25, =0.0.27 Source cves: CVE-2017-16044 Source advisory:...
CVE-2017-16044
CVE-2017-16044 corresponds to the npm package d3.js , reported as a malware module that hijacks environment variables and exfiltrates them to attacker-controlled endpoints. The community advisories (GHSA, npm advisory) state that all versions have been unpublished from the npm registry. The root ...