TP-Link Cross Site Scripting

============================================================== Unauthenticated Stored Cross-site Scripting in Multiple TP-Link Devices ============================================================== Overview ======== Title:- Unauthenticated Stored Cross-site Scripting in TP-Link Devices. CVE-ID :-...

GHSA-QJ73-V688-WQXF Hijacked Environment Variables in proxy.js

The proxy.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concer...

GHSA-4G54-95XV-F353 http-proxy.js is malware

The http-proxy.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

http-proxy.js is malware

The http-proxy.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Malicious Typo-Squatting

http-proxy.js is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one but have malicious actions under the hood such as stealing environment variables...

CVE-2017-16076

proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16075

http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

Design/Logic Flaw

http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16075

CVE-2017-16075 corresponds to the http-proxy.js package that was published as malware with the intent to hijack environment variables and exfiltrate them to attacker-controlled locations. The npm advisory and related records note that all versions were unpublished from the npm registry. Connected...

CVE-2017-16076

CVE-2017-16076 refers to the npm package proxy.js, described as malware that hijacks environment variables. The connected advisories confirm that proxy.js was published to steal env vars and that all versions were unpublished from the npm registry. Exploitation details are not provided in the doc...

CVE-2017-16076

proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...