Command Injection in opencv

Versions of opencvprior to 6.1.0 are vulnerable to Command Injection. The utils/ script find-opencv.js does not validate user input allowing attackers to execute arbitrary commands. Recommendation Upgrade to version 6.1.0...

GHSA-F698-M2V9-5FH3 Command Injection in opencv

Versions of opencvprior to 6.1.0 are vulnerable to Command Injection. The utils/ script find-opencv.js does not validate user input allowing attackers to execute arbitrary commands. Recommendation Upgrade to version 6.1.0...

Command Injection

Overview Versions of opencvprior to 6.1.0 are vulnerable to Command Injection. The utils/ script find-opencv.js does not validate user input allowing attackers to execute arbitrary commands. Recommendation Upgrade to version 6.1.0. References GitHub Advisory...

opencv.js is malware

opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

@ekyc_qoobiss/qbs-ect-cmp (>=4.7.16 <=4.7.140), @ekycsolutions/ml-js-sdk (>=0.0.9-alpha <=0.0.10-alpha.13) +13 more potentially affected by CVE-2017-16066 via opencv.js (=1.2.1)

opencv.js NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on opencv.js and may be impacted: - @ekycqoobiss/qbs-ect-cmp =4.7.16, =0.0.9-alpha, =1.1.2, =0.3.1, =1.0.0, =0.7.1, =4.0.0, =2.0.1, =2.0.0, =1.11.0, =0.0.112, =0.1.7 Source cves:...

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Denial of service

opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16066

opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16066

CVE-2017-16066 corresponds to opencv.js, a malicious npm module published to hijack environment variables. The vulnerability was acknowledged across multiple sources (NVD, ENISA, GHSA, osv) with the module unpublished by npm. Affected content specifies a malware intent affecting the runtime envir...

CVE-2017-16066

opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

Hijacked Environment Variables

Overview The opencv.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...