English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
146377 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.113208
Categoría:Malware
Título:Malicious JavaScript Package Detection
Resumen:Detection and reporting of known malicious JavaScript packages; or package versions.
Descripción:Summary:
Detection and reporting of known malicious JavaScript packages
or package versions.

Vulnerability Impact:
The packages mostly extract information from environment
variables, while some create a remote shell or a command-and-control infrastructure, completely
comprising the target host.

Affected Software/OS:
The following packages are affected:

- npm-script-demo

- pandora-doomsday

- botbait

- d3.js

- jquery.js

- mariadb

- mysqljs

- node-sqlite

- nodesqlite

- sqlite.js

- sqliter

- node-fabric

- fabric-js

- nodefabric

- sqlserver

- mssql.js

- nodemssql

- gruntcli

- mssql-node

- babelcli

- tkinter

- node-tkinter

- node-opensl

- node-openssl

- openssl.js

- opencv.js

- node-opencv

- ffmepg

- nodeffmpeg

- nodecaffe

- nodemailer-js

- nodemailer.js

- noderequest

- crossenv

- http-proxy.js

- proxy.js

- mongose

- shadowsock

- smb

- nodesass

- cross-env.js

- cofee-script, cofeescript, coffescript, coffe-script

- jquey

- discordi.js

- hooka-tools

- getcookies

- nothing-js

- ladder-text-js

- boogeyman

- flatmap-stream included in event-stream version 3.3.6

- jdb.js

- db-json.js

- an0n-chat-lib

- angluar-cli

- discord-fix

- epress

- commmander, commqnder, commander-js

- blubird

- eslint-config-airbnb-standard version 2.0.0, published with a bundled version of eslint-scope that was found to contain malicious code

- eslint-config-eslint version 5.0.2

- eslint-scope version 3.7.2

- rc versions 1.2.9, 1.3.9 and 2.3.9

- coa versions 2.0.3, 2.0.4, 2.1.1, 2.1.3, 3.0.1 and 3.1.3

- ua-parser-js versions 0.7.29, 0.8.0 and 1.0.0

- malicious-npm-package

- sonatype

- load-from-cwd-or-npm version 3.0.2

- smartsearchwp

- portionfatty12

- rrgod

- soket.io, soket.js, foever

- npm-script-demo

- regenraotr, regenrator

- axois

Solution:
- Delete the package

- Clear your npm cache

- Ensure it is not present in any other package.json files on your system

- Regenerate your registry credentials, tokens, and any other sensitive credentials that may have
been present in your environment variables.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-16044
https://nodesecurity.io/advisories/497
Common Vulnerability Exposure (CVE) ID: CVE-2017-16045
https://nodesecurity.io/advisories/496
Common Vulnerability Exposure (CVE) ID: CVE-2017-16046
https://nodesecurity.io/advisories/495
Common Vulnerability Exposure (CVE) ID: CVE-2017-16047
https://nodesecurity.io/advisories/494
Common Vulnerability Exposure (CVE) ID: CVE-2017-16048
https://nodesecurity.io/advisories/493
Common Vulnerability Exposure (CVE) ID: CVE-2017-16049
https://nodesecurity.io/advisories/492
Common Vulnerability Exposure (CVE) ID: CVE-2017-16050
https://nodesecurity.io/advisories/491
Common Vulnerability Exposure (CVE) ID: CVE-2017-16051
https://nodesecurity.io/advisories/490
Common Vulnerability Exposure (CVE) ID: CVE-2017-16052
https://nodesecurity.io/advisories/489
Common Vulnerability Exposure (CVE) ID: CVE-2017-16053
https://nodesecurity.io/advisories/487
Common Vulnerability Exposure (CVE) ID: CVE-2017-16054
https://nodesecurity.io/advisories/488
Common Vulnerability Exposure (CVE) ID: CVE-2017-16055
https://nodesecurity.io/advisories/486
Common Vulnerability Exposure (CVE) ID: CVE-2017-16056
https://nodesecurity.io/advisories/485
Common Vulnerability Exposure (CVE) ID: CVE-2017-16057
https://nodesecurity.io/advisories/484
Common Vulnerability Exposure (CVE) ID: CVE-2017-16058
https://nodesecurity.io/advisories/498
Common Vulnerability Exposure (CVE) ID: CVE-2017-16059
https://nodesecurity.io/advisories/480
Common Vulnerability Exposure (CVE) ID: CVE-2017-16060
https://nodesecurity.io/advisories/499
Common Vulnerability Exposure (CVE) ID: CVE-2017-16061
https://nodesecurity.io/advisories/500
Common Vulnerability Exposure (CVE) ID: CVE-2017-16062
https://nodesecurity.io/advisories/501
Common Vulnerability Exposure (CVE) ID: CVE-2017-16063
https://nodesecurity.io/advisories/502
Common Vulnerability Exposure (CVE) ID: CVE-2017-16064
https://nodesecurity.io/advisories/503
Common Vulnerability Exposure (CVE) ID: CVE-2017-16065
https://nodesecurity.io/advisories/504
Common Vulnerability Exposure (CVE) ID: CVE-2017-16066
https://nodesecurity.io/advisories/505
Common Vulnerability Exposure (CVE) ID: CVE-2017-16067
https://nodesecurity.io/advisories/506
Common Vulnerability Exposure (CVE) ID: CVE-2017-16068
https://nodesecurity.io/advisories/507
Common Vulnerability Exposure (CVE) ID: CVE-2017-16069
https://nodesecurity.io/advisories/508
Common Vulnerability Exposure (CVE) ID: CVE-2017-16070
https://nodesecurity.io/advisories/509
Common Vulnerability Exposure (CVE) ID: CVE-2017-16071
https://nodesecurity.io/advisories/510
Common Vulnerability Exposure (CVE) ID: CVE-2017-16072
https://nodesecurity.io/advisories/511
Common Vulnerability Exposure (CVE) ID: CVE-2017-16073
https://nodesecurity.io/advisories/512
Common Vulnerability Exposure (CVE) ID: CVE-2017-16074
https://nodesecurity.io/advisories/513
Common Vulnerability Exposure (CVE) ID: CVE-2017-16075
https://nodesecurity.io/advisories/514
Common Vulnerability Exposure (CVE) ID: CVE-2017-16076
https://nodesecurity.io/advisories/515
Common Vulnerability Exposure (CVE) ID: CVE-2017-16077
https://nodesecurity.io/advisories/516
Common Vulnerability Exposure (CVE) ID: CVE-2017-16078
https://nodesecurity.io/advisories/517
Common Vulnerability Exposure (CVE) ID: CVE-2017-16079
https://nodesecurity.io/advisories/518
Common Vulnerability Exposure (CVE) ID: CVE-2017-16080
https://nodesecurity.io/advisories/519
Common Vulnerability Exposure (CVE) ID: CVE-2017-16081
https://nodesecurity.io/advisories/520
Common Vulnerability Exposure (CVE) ID: CVE-2017-16128
https://nodesecurity.io/advisories/481
Common Vulnerability Exposure (CVE) ID: CVE-2017-16202
https://nodesecurity.io/advisories/541
Common Vulnerability Exposure (CVE) ID: CVE-2017-16203
https://nodesecurity.io/advisories/543
Common Vulnerability Exposure (CVE) ID: CVE-2017-16204
https://nodesecurity.io/advisories/544
Common Vulnerability Exposure (CVE) ID: CVE-2017-16205
https://nodesecurity.io/advisories/542
Common Vulnerability Exposure (CVE) ID: CVE-2017-16206
https://nodesecurity.io/advisories/540
Common Vulnerability Exposure (CVE) ID: CVE-2017-16207
https://nodesecurity.io/advisories/545
CopyrightCopyright (C) 2018 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.