An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4ZzItY2Y2aC14NHY4

Critical

Malicious Package in buffer-por

Affected Package: npm:buffer-por (PURL: pkg:npm/buffer-por)
Affected Versions: >= 0.0.0
Fixed Versions: No known fixed version
1 Dependent packages
1 Dependent repositories
2 Downloads last month

Affected Version Ranges

All affected versions

0.0.1-security

Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.

Recommendation

Remove the package from your environment. Ensure no Ethereum funds were compromised.
