GHSA-4hm7-73ch-vm59

Source

https://github.com/advisories/GHSA-4hm7-73ch-vm59

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-4hm7-73ch-vm59/GHSA-4hm7-73ch-vm59.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4hm7-73ch-vm59

Published

2020-09-03T21:49:43Z

Modified

2021-09-29T20:58:16Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Malicious Package in buffer-8or

Details

Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.

Recommendation

Remove the package from your environment. Ensure no Ethereum funds were compromised.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:52:01Z",
    "nvd_published_at": null,
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-506"
    ]
}

References

https://www.npmjs.com/advisories/1241

Affected packages

npm / buffer-8or

Package

Name: buffer-8or; View open source insights on deps.dev
Purl: pkg:npm/buffer-8or

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-4hm7-73ch-vm59/GHSA-4hm7-73ch-vm59.json"