2 matches found
@fto-consult/electron (>=1.0.0 <=1.0.43), @fto-consult/electron-gen (>=1.1.0 <=3.0.0) +2 more potentially affected by CVE-2017-16048 via node-sqlite (=0.0.2-security)
node-sqlite NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on node-sqlite and may be impacted: - @fto-consult/electron =1.0.0, =1.1.0, =7.6.1, =1.0.1, =1.1.6 Source cves: CVE-2017-16048 Source advisory: OSV:GHSA-X52F-H74P-9JH8...
CVE-2017-16048
The CVE-2017-16048 entry covers the node-sqlite package, identified as malware that hijacks environment variables. Connected advisories confirm that the malware steals environment variables and exfiltrates to attacker-controlled locations; all versions were unpublished from npm. Practical impact ...