GHSA-fv9m-f7w4-889c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fv9m-f7w4-889c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-fv9m-f7w4-889c/GHSA-fv9m-f7w4-889c.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fv9m-f7w4-889c
- Aliases
-
- CVE-2017-16207
- Published
- 2018-08-06T21:43:03Z
- Modified
- 2023-11-08T03:59:11.323049Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- discordi.js is malware
- Details
-
The
discordi.jspackage is malware that attempts to discover and exfiltrate a user's Discord credentials, sending them to pastebin.All versions have been unpublished from the npm registry.
Recommendation
Do not install / use this module. It has been unpublished from the npm registry but may exist in some caches. Any users that logged into Discord using this library will need to change their credentials.
- Database specific
{ "github_reviewed_at": "2020-06-16T21:35:18Z", "cwe_ids": [ "CWE-506" ], "nvd_published_at": null, "severity": "HIGH", "github_reviewed": true }- References
Affected packages
npm / discordi.js
Package
- Name
- discordi.js
- View open source insights on deps.dev
- Purl
- pkg:npm/discordi.js