2 matches found
CVE-2017-16078
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16078
CVE-2017-16078 concerns the npm package shadow sock—described in connected advisories as a malware that steals environment variables and exfiltrates to attacker-controlled endpoints. The npm advisory and GitHub/OSV entries confirm it has been unpublished from the npm registry; all versions are re...