GHSA-c2g6-57fp-22wp

Source

https://github.com/advisories/GHSA-c2g6-57fp-22wp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-c2g6-57fp-22wp/GHSA-c2g6-57fp-22wp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-c2g6-57fp-22wp

Published

2020-09-03T22:48:35Z

Modified

2021-09-30T16:14:29Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Malicious Package in fuffer-xor

Details

Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.

Recommendation

Remove the package from your environment. Ensure no Ethereum funds were compromised.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:53:15Z",
    "nvd_published_at": null,
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-506"
    ]
}

References

https://www.npmjs.com/advisories/1271

Affected packages

npm / fuffer-xor

Package

Name: fuffer-xor; View open source insights on deps.dev
Purl: pkg:npm/fuffer-xor

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-c2g6-57fp-22wp/GHSA-c2g6-57fp-22wp.json"