Lucene search
K

78 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 5:43 p.m.32 views

Remote code execution in vscode-npm-script

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability...

7.8CVSS3.4AI score0.05954EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2022/05/24 5:43 p.m.18 views

GHSA-R84V-QFF8-JV5G Remote code execution in vscode-npm-script

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability...

7.8CVSS7.9AI score0.05954EPSS
Exploits2References3
Snyk
Snyk
added 2021/07/29 6:57 a.m.1 views

Malicious Package

Overview vscode-npm-script is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the vscode-npm-script package. Credit: Snyk Research...

9.8CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2021/02/25 11:15 p.m.13 views

CVE-2021-26700

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability...

7.8CVSS0.05954EPSS
Exploits2References1
OSV
OSV
added 2021/02/25 11:15 p.m.3 views

CVE-2021-26700

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability...

7.8CVSS7.2AI score0.05954EPSS
Exploits2References1
Prion
Prion
added 2021/02/25 11:15 p.m.15 views

Remote code execution

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability...

6.8CVSS7.9AI score0.05954EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/02/25 11:2 p.m.17 views

CVE-2021-26700 Visual Studio Code npm-script Extension Remote Code Execution Vulnerability

...

7.8CVSS8AI score0.05954EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2021/02/15 12:0 a.m.5 views

PT-2021-17098 · Microsoft · Visual Studio Code Npm-Script Extension

Name of the Vulnerable Software and Affected Versions: Visual Studio Code npm-script Extension affected versions not specified Description: The issue concerns a remote code execution vulnerability in the Visual Studio Code npm-script Extension. There is no information provided about the estimated...

7.8CVSS7.8AI score0.05954EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2021/02/11 12:0 a.m.45 views

Security Update for Microsoft Visual Studio Code npm-script Extension (Feb 2021)

A remote code execution vulnerability exists in Visual Studio Code when the npm-script extension loads. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Note that Nessus has not tested for this issue but has instead relied only ...

7.8CVSS8.3AI score0.05954EPSS
Exploits2References3
Microsoft CVE
Microsoft CVE
added 2021/02/09 8:0 a.m.47 views

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability

...

7.8CVSS7.8AI score0.05954EPSS
Exploits2
CNNVD
CNNVD
added 2021/02/09 12:0 a.m.7 views

Microsoft Visual Studio Code npm-script plugin security vulnerability

Microsoft Visual Studio Code is an open source code editor from Microsoft. A security vulnerability exists in the npm-script plugin for Microsoft Visual Studio Code. The following products and versions are affected: Visual Studio Code - npm-script Extension...

7.8CVSS7.2AI score0.05954EPSS
Exploits2References3
Kaspersky
Kaspersky
added 2021/02/09 12:0 a.m.81 views

KLA12073 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in .NET Core can be...

9.8CVSS9.9AI score0.30315EPSS
Exploits2References27
OSV
OSV
added 2020/09/01 6:55 p.m.20 views

GHSA-322M-P39J-R5M2 npm-script-demo is malware

The npm-script-demo package is a piece of malware that opens a connection to a command and control server and executed the instructions it is given. It has been removed from the npm registry. Recommendation Any computer that has this package installed or running should be considered fully...

9.8CVSS9.6AI score0.01455EPSS
Exploits0References2
CNVD
CNVD
added 2018/06/20 12:0 a.m.3 views

Unspecified vulnerability in npm-script-demo

npm-script-demo is a package. A security vulnerability exists in npm-script-demo. No details of the vulnerability are provided at this time...

10CVSS9.3AI score0.01455EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.74 views

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

10CVSS7.4AI score0.02342EPSS
Exploits4References108
Prion
Prion
added 2018/06/07 2:29 a.m.11 views

Design/Logic Flaw

The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry...

10CVSS9.5AI score0.01455EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.24 views

CVE-2017-16128

The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry...

8.8AI score0.01455EPSS
Exploits0References1
Veracode
Veracode
added 2017/11/01 6:40 a.m.19 views

System Compromise

npm-script-demo compromises the system. It is possible because the module can create an unauthorized connection to a command and control server when it is installed...

9.8CVSS9.2AI score0.01455EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder