An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRobTctNzNjaC12bTU5
Malicious Package in buffer-8or
Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.
Remove the package from your environment. Ensure no Ethereum funds were compromised.Permalink: https://github.com/advisories/GHSA-4hm7-73ch-vm59
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 9 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
No known fixed version