3 matches found
mapdemotest1 (=0.0.1), websocketsli (=1.0.0) potentially affected by CVE-2017-16045 via jquery.js (=0.0.2-security)
jquery.js NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on jquery.js and may be impacted: - mapdemotest1 =0.0.1 - websocketsli =1.0.0 Source cves: CVE-2017-16045 Source advisory: OSV:GHSA-JP27-CWP2-5QQR...
CVE-2017-16045
CVE-2017-16045 corresponds to a malicious npm package named jquery.js that hijacks environment variables. The malware was published as a package and later unpublished from the npm registry; it targets any environment where the package is installed, exfiltrating sensitive values to attacker-contro...
CVE-2017-16045
jquery.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...