9 matches found
Malicious code in ioredis-os (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 387bee0d123eeed248b8be6281784b88d2a3385943a3f696541c1ce48b1c817a ioredis-os appends -os to the widely-used ioredis package name and ships what appears to be a verbatim fork of ioredis same author, same upstream...
Malicious Package
Overview ioredis-typed is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview ioredis-orm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
MAL-2026-5676 Malicious code in ioredis-typed (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bd3dadb6d1e5369a82a26b784f5d557e289158636cdf678333f9deef05dd996 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5675 Malicious code in ioredis-orm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15186d98f16a0cfdcb0cac8d616ea4afc4e6d1443be464ef1a140ab79a5d5d0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ioredis-orm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7edb2baf96d81e8c5e6853e041bc82ed8bab6aa8de5a9c70fa8c90b2ac6fd08 The tarball ships a verbatim copy of the legitimate ioredis Redis client source same layout, same Redis class, identical description text 'A robust,...
Malicious code in ioredis-typed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b79e90c5d77b68f22ec4aa1245ff3f82cb6414502a64ef7898b67aa1019455c1 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2024-9669 Malicious code in instrumentation-ioredis (npm)
--- -= Per source details. Do not edit below this line.=-...
Prototype Pollution
ioredis is vulnerable to prototype pollution. The vulnerability exists as the reply transformer does not check for special field names and mishandles malicious keys proto, which could, at worst, result in a denial of service condition due to limitations of not being able to overwrite global...