7 matches found
Malicious code in strapi-plugin-api (npm)
strapi-plugin-api is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. It...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious Package
Overview acookie is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the acookie package. Credit: Snyk Research...
Malicious Package
Overview firebase-extensions is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the firebase-extensions package. Credit: Snyk Research...
Malicious Package
Overview paychex-framework-core-ui is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-framework-core-ui package. Credit: Snyk Research...
Unspecified vulnerability in nodecaffe
nodecaffe is a package that allows JavaScript to inspect Caffe layers and content. A security vulnerability exists in nodecaffe. An attacker could exploit the vulnerability to steal environment variables...
Unspecified vulnerability in ffmepg
ffmepg is a package that steals environment variables. A security vulnerability exists in ffmepg. An attacker can exploit the vulnerability to steal environment variables...