GHSA-j8qr-rvcv-crhv – electron-native-notify

Package

Manager: npm
Name: electron-native-notify
Vulnerable Version: <0

Severity

Level: Critical

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Malicious Package in electron-native-notify All versions of `electron-native-notify` contain malicious code. The package was part of a targeted attack to steal cryptocurrency wallet seeds and upload them to a remote server, effectively giving attackers access to users wallets. ## Recommendation Remove the package from your environment and [follow the recommendations by Komodo](https://komodoplatform.com/vulnerability-discovered-in-komodos-agama-wallet-this-is-what-you-need-to-do/)

Metadata

Created: 2020-09-11T21:18:05Z
Modified: 2020-08-31T18:40:50Z
Source: MANUAL
CWE IDs: []
Alternative ID: N/A
Finding: N/A
Auto approve: 0