CVE-2017-16207 – discordi.js

Package

Manager: npm
Name: discordi.js
Vulnerable Version: =0.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00199 pctl0.4218

Details

discordi.js is malware The `discordi.js` package is malware that attempts to discover and exfiltrate a user's [Discord](https://discordapp.com/) credentials, sending them to pastebin. All versions have been unpublished from the npm registry. ## Recommendation Do not install / use this module. It has been unpublished from the npm registry but may exist in some caches. Any users that logged into Discord using this library will need to change their credentials.

Metadata

Created: 2018-08-06T21:43:03Z
Modified: 2023-09-09T00:00:04Z
Source: MANUAL
CWE IDs: ["CWE-506"]
Alternative ID: GHSA-fv9m-f7w4-889c
Finding: F448
Auto approve: 1