Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2OW0tZjd3NC04ODlj
discordi.js is malware
The discordi.js package is malware that attempts to discover and exfiltrate a user's Discord credentials, sending them to pastebin.
All versions have been unpublished from the npm registry.
Recommendation
Do not install / use this module. It has been unpublished from the npm registry but may exist in some caches. Any users that logged into Discord using this library will need to change their credentials.
Permalink: https://github.com/advisories/GHSA-fv9m-f7w4-889cJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2OW0tZjd3NC04ODlj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 6 years ago
Updated: over 1 year ago
CVSS Score: 7.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Percentage: 0.00098
EPSS Percentile: 0.41905
Identifiers: GHSA-fv9m-f7w4-889c, CVE-2017-16207
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-16207
- https://github.com/advisories/GHSA-fv9m-f7w4-889c
- https://www.npmjs.com/advisories/545
Affected Packages
npm:discordi.js
Dependent packages: 1Dependent repositories: 1
Downloads: 2 last month
Affected Version Ranges: <= 14.0.3
No known fixed version
All affected versions: