English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.113208
Category:Malware
Title:Malicious JavaScript Package Detection
Summary:Detection and reporting of known malicious JavaScript packages; or package versions.
Description:Summary:
Detection and reporting of known malicious JavaScript packages
or package versions.

Vulnerability Impact:
The packages mostly extract information from environment
variables, while some create a remote shell or a command-and-control infrastructure, completely
comprising the target host.

Affected Software/OS:
The following packages are affected:

- npm-script-demo

- pandora-doomsday

- botbait

- d3.js

- jquery.js

- mariadb

- mysqljs

- node-sqlite

- nodesqlite

- sqlite.js

- sqliter

- node-fabric

- fabric-js

- nodefabric

- sqlserver

- mssql.js

- nodemssql

- gruntcli

- mssql-node

- babelcli

- tkinter

- node-tkinter

- node-opensl

- node-openssl

- openssl.js

- opencv.js

- node-opencv

- ffmepg

- nodeffmpeg

- nodecaffe

- nodemailer-js

- nodemailer.js

- noderequest

- crossenv

- http-proxy.js

- proxy.js

- mongose

- shadowsock

- smb

- nodesass

- cross-env.js

- cofee-script, cofeescript, coffescript, coffe-script

- jquey

- discordi.js

- hooka-tools

- getcookies

- nothing-js

- ladder-text-js

- boogeyman

- flatmap-stream included in event-stream version 3.3.6

- jdb.js

- db-json.js

- an0n-chat-lib

- angluar-cli

- discord-fix

- epress

- commmander, commqnder, commander-js

- blubird

- eslint-config-airbnb-standard version 2.0.0, published with a bundled version of eslint-scope that was found to contain malicious code

- eslint-config-eslint version 5.0.2

- eslint-scope version 3.7.2

- rc versions 1.2.9, 1.3.9 and 2.3.9

- coa versions 2.0.3, 2.0.4, 2.1.1, 2.1.3, 3.0.1 and 3.1.3

- ua-parser-js versions 0.7.29, 0.8.0 and 1.0.0

- malicious-npm-package

- sonatype

- load-from-cwd-or-npm version 3.0.2

- smartsearchwp

- portionfatty12

- rrgod

- soket.io, soket.js, foever

- npm-script-demo

- regenraotr, regenrator

- axois

Solution:
- Delete the package

- Clear your npm cache

- Ensure it is not present in any other package.json files on your system

- Regenerate your registry credentials, tokens, and any other sensitive credentials that may have
been present in your environment variables.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-16044
https://nodesecurity.io/advisories/497
Common Vulnerability Exposure (CVE) ID: CVE-2017-16045
https://nodesecurity.io/advisories/496
Common Vulnerability Exposure (CVE) ID: CVE-2017-16046
https://nodesecurity.io/advisories/495
Common Vulnerability Exposure (CVE) ID: CVE-2017-16047
https://nodesecurity.io/advisories/494
Common Vulnerability Exposure (CVE) ID: CVE-2017-16048
https://nodesecurity.io/advisories/493
Common Vulnerability Exposure (CVE) ID: CVE-2017-16049
https://nodesecurity.io/advisories/492
Common Vulnerability Exposure (CVE) ID: CVE-2017-16050
https://nodesecurity.io/advisories/491
Common Vulnerability Exposure (CVE) ID: CVE-2017-16051
https://nodesecurity.io/advisories/490
Common Vulnerability Exposure (CVE) ID: CVE-2017-16052
https://nodesecurity.io/advisories/489
Common Vulnerability Exposure (CVE) ID: CVE-2017-16053
https://nodesecurity.io/advisories/487
Common Vulnerability Exposure (CVE) ID: CVE-2017-16054
https://nodesecurity.io/advisories/488
Common Vulnerability Exposure (CVE) ID: CVE-2017-16055
https://nodesecurity.io/advisories/486
Common Vulnerability Exposure (CVE) ID: CVE-2017-16056
https://nodesecurity.io/advisories/485
Common Vulnerability Exposure (CVE) ID: CVE-2017-16057
https://nodesecurity.io/advisories/484
Common Vulnerability Exposure (CVE) ID: CVE-2017-16058
https://nodesecurity.io/advisories/498
Common Vulnerability Exposure (CVE) ID: CVE-2017-16059
https://nodesecurity.io/advisories/480
Common Vulnerability Exposure (CVE) ID: CVE-2017-16060
https://nodesecurity.io/advisories/499
Common Vulnerability Exposure (CVE) ID: CVE-2017-16061
https://nodesecurity.io/advisories/500
Common Vulnerability Exposure (CVE) ID: CVE-2017-16062
https://nodesecurity.io/advisories/501
Common Vulnerability Exposure (CVE) ID: CVE-2017-16063
https://nodesecurity.io/advisories/502
Common Vulnerability Exposure (CVE) ID: CVE-2017-16064
https://nodesecurity.io/advisories/503
Common Vulnerability Exposure (CVE) ID: CVE-2017-16065
https://nodesecurity.io/advisories/504
Common Vulnerability Exposure (CVE) ID: CVE-2017-16066
https://nodesecurity.io/advisories/505
Common Vulnerability Exposure (CVE) ID: CVE-2017-16067
https://nodesecurity.io/advisories/506
Common Vulnerability Exposure (CVE) ID: CVE-2017-16068
https://nodesecurity.io/advisories/507
Common Vulnerability Exposure (CVE) ID: CVE-2017-16069
https://nodesecurity.io/advisories/508
Common Vulnerability Exposure (CVE) ID: CVE-2017-16070
https://nodesecurity.io/advisories/509
Common Vulnerability Exposure (CVE) ID: CVE-2017-16071
https://nodesecurity.io/advisories/510
Common Vulnerability Exposure (CVE) ID: CVE-2017-16072
https://nodesecurity.io/advisories/511
Common Vulnerability Exposure (CVE) ID: CVE-2017-16073
https://nodesecurity.io/advisories/512
Common Vulnerability Exposure (CVE) ID: CVE-2017-16074
https://nodesecurity.io/advisories/513
Common Vulnerability Exposure (CVE) ID: CVE-2017-16075
https://nodesecurity.io/advisories/514
Common Vulnerability Exposure (CVE) ID: CVE-2017-16076
https://nodesecurity.io/advisories/515
Common Vulnerability Exposure (CVE) ID: CVE-2017-16077
https://nodesecurity.io/advisories/516
Common Vulnerability Exposure (CVE) ID: CVE-2017-16078
https://nodesecurity.io/advisories/517
Common Vulnerability Exposure (CVE) ID: CVE-2017-16079
https://nodesecurity.io/advisories/518
Common Vulnerability Exposure (CVE) ID: CVE-2017-16080
https://nodesecurity.io/advisories/519
Common Vulnerability Exposure (CVE) ID: CVE-2017-16081
https://nodesecurity.io/advisories/520
Common Vulnerability Exposure (CVE) ID: CVE-2017-16128
https://nodesecurity.io/advisories/481
Common Vulnerability Exposure (CVE) ID: CVE-2017-16202
https://nodesecurity.io/advisories/541
Common Vulnerability Exposure (CVE) ID: CVE-2017-16203
https://nodesecurity.io/advisories/543
Common Vulnerability Exposure (CVE) ID: CVE-2017-16204
https://nodesecurity.io/advisories/544
Common Vulnerability Exposure (CVE) ID: CVE-2017-16205
https://nodesecurity.io/advisories/542
Common Vulnerability Exposure (CVE) ID: CVE-2017-16206
https://nodesecurity.io/advisories/540
Common Vulnerability Exposure (CVE) ID: CVE-2017-16207
https://nodesecurity.io/advisories/545
CopyrightCopyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.