GHSA-q2hm-gx3f-h63q

Source
https://github.com/advisories/GHSA-q2hm-gx3f-h63q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-q2hm-gx3f-h63q/GHSA-q2hm-gx3f-h63q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q2hm-gx3f-h63q
Withdrawn
2021-02-23T21:23:16Z
Published
2021-02-23T21:23:16Z
Modified
2021-02-23T21:23:16Z
Summary
Backdoor / Malicious code
Details

lita-coin 0.0.3 contains a backdoor mechanism that allows hidden cryptocurrency mining operations to be launched inside the project. The code also contained a backdoor mechanism that allowed the attacker to send a cookie file back to a compromised project and to execute malicious commands.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2019-08-28T16:16:58Z"
}
References

Affected packages

RubyGems / lita-coin

Package

Name
lita-coin
Purl
pkg:gem/lita-coin

Affected ranges

Affected versions

0.*

0.0.3