GHSA-7cvf-p83w-48q6

Source

https://github.com/advisories/GHSA-7cvf-p83w-48q6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-7cvf-p83w-48q6/GHSA-7cvf-p83w-48q6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7cvf-p83w-48q6

Published

2020-09-03T21:37:29Z

Modified

2023-12-07T22:07:51Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Malicious Package in beffer-xor

Details

Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.

Recommendation

Remove the package from your environment. Ensure no Ethereum funds were compromised.

Database specific

{
    "github_reviewed_at": "2020-08-31T18:51:34Z",
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-506"
    ],
    "github_reviewed": true,
    "nvd_published_at": null
}

References

https://www.npmjs.com/advisories/1229

Affected packages

npm / beffer-xor

Package

Name: beffer-xor; View open source insights on deps.dev
Purl: pkg:npm/beffer-xor

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0