18 matches found
EUVD-2021-2230
Malware in sbrugna...
OS Command Injection in node-opencv
utils/find-opencv.js in node-opencv aka OpenCV bindings for Node.js prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands...
CVE-2019-10061
utils/find-opencv.js in node-opencv aka OpenCV bindings for Node.js prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands...
DEBIAN-CVE-2019-10061
utils/find-opencv.js in node-opencv aka OpenCV bindings for Node.js prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands...
CVE-2019-10061
utils/find-opencv.js in node-opencv aka OpenCV bindings for Node.js prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands...
CVE-2019-10061
utils/find-opencv.js in node-opencv aka OpenCV bindings for Node.js prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands...
CVE-2019-10061
utils/find-opencv.js in node-opencv aka OpenCV bindings for Node.js prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands...
CVE-2019-10061
utils/find-opencv.js in node-opencv aka OpenCV bindings for Node.js prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands...
node-opencv command injection vulnerability
node-opencv is the OpenCV binding for Node.js. A command injection vulnerability exists in utils/find-opencv.js in versions of node-opencv prior to 6.1.0. The vulnerability stems from node-opencv failing to validate user input. An attacker can exploit the vulnerability to execute arbitrary comman...
node-opencv is malware
The node-opencv package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
Malicious JavaScript Package Detection
Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
node-opencv design vulnerability
node-opencv is a JavaScript library for connecting to OpenCV. A security vulnerability exists in node-opencv. An attacker can exploit the vulnerability to steal environment variables...
Malicious Typo-Squatting
node-opencv is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one but have malicious actions under the hood such as stealing environment variables...
Code injection
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16067
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16067
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16067
CVE-2017-16067 corresponds to the npm malware incident involving the node-opencv package. The package is a malicious module that hijacks and exfiltrates environment variables; all versions have been unpublished from the npm registry. Connected advisories confirm malware characteristics and sugges...
Hijacked Environment Variables
Overview The node-opencv package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...