Regular Expression Denial of Service

Overview Affected versions of mime are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. Recommendation Update to version 2.0.3 or later. References - Issue 167 - GitHub Advisory...

Regular Expression Denial of Service

Overview Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. Recommendation Version 2.x.x: Update to...

Regular Expression Denial of Service

Overview Affected versions of marked are vulnerable to a regular expression denial of service. The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds. Recommendation Update to version 0.3.9 or later. References ...

Regular Expression Denial of Service

Overview Affected versions of content are vulnerable to a regular expression denial of service when parsing malicious Content-Type and Content-Disposition headers. Recommendation Update to version 3.0.6 or later. References GitHub Advisory...

Regular Expression Denial of Service

Overview Affected versions of forwarded are vulnerable to regular expression denial of service when parsing specially crafted user input. Recommendation Update to version 0.1.2 or later References GitHub Advisory...

Hijacked Environment Variables

Overview The smb package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

Hijacked Environment Variables

Overview The mongose package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real securit...

Hijacked Environment Variables

Overview The http-proxy.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

Hijacked Environment Variables

Overview The noderequest package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

Hijacked Environment Variables

Overview The nodemailer.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

Hijacked Environment Variables

Overview The nodecaffe package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

Hijacked Environment Variables

Overview The nodeffmpeg package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

Hijacked Environment Variables

Overview The ffmepg package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

Hijacked Environment Variables

Overview The openssl.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

Hijacked Environment Variables

Overview The node-openssl package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

Hijacked Environment Variables

Overview The babelcli package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real securi...

Hijacked Environment Variables

Overview The gruntcli package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real securi...

Hijacked Environment Variables

Overview The jquery.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

Hijacked Environment Variables

Overview The mariadb package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real securit...

Hijacked Environment Variables

Overview The mysqljs package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real securit...