GHSA-mh6f-8j2x-4483 flatmap-stream

Package

Manager: npm
Name: flatmap-stream
Vulnerable Version: >=0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: N/A (percentile: N/A)

Details

Critical severity vulnerability that affects event-stream and flatmap-stream.

The NPM package `flatmap-stream` is considered malicious. A malicious actor added this package as a dependency to the NPM `event-stream` package in version `3.3.6`. Users of `event-stream` are encouraged to downgrade to the last non-malicious version, `3.3.4`, or upgrade to the latest 4.x version. Users of `flatmap-stream` are encouraged to remove the dependency entirely.
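To check a project against the guidance above, the following added example (not part of the advisory or of either package) scans a parsed `package-lock.json` for any `flatmap-stream` entry and for `event-stream` at `3.3.6`. The function names and the sample lockfiles, including their version numbers, are constructed for illustration.

```javascript
// Flag the packages named in this advisory inside a parsed package-lock.json.
// Handles lockfile v1 (nested "dependencies") and v2/v3 (flat "packages" map).
const ADVISORY = 'GHSA-mh6f-8j2x-4483';

function classify(name, version) {
  if (name === 'flatmap-stream') {
    return 'malicious package, all versions affected: remove it';
  }
  if (name === 'event-stream' && version === '3.3.6') {
    return 'depends on flatmap-stream: downgrade to 3.3.4 or upgrade to 4.x';
  }
  return null;
}

function scanLockfile(lock) {
  const findings = [];
  const record = (name, version, where) => {
    const reason = classify(name, version);
    if (reason) findings.push({ advisory: ADVISORY, name, version, where, reason });
  };
  // v2/v3: keys look like "node_modules/a/node_modules/b"; "" is the root project.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue;
    record(meta.name || path.split('node_modules/').pop(), meta.version, path);
  }
  // v1: walk the nested tree so transitive copies are reported with their parent.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      record(name, meta.version, [...trail, name].join(' > '));
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []); // v2 carries both; avoid duplicates
  return findings;
}

// Constructed sample lockfiles (placeholder versions, not from a real project).
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'event-stream': { version: '3.3.6', dependencies: {
    'flatmap-stream': { version: '0.0.0' } } },
  'through': { version: '0.0.0' } } };
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo' },
  'node_modules/event-stream': { version: '3.3.4' },
  'node_modules/through': { version: '0.0.0' } } };

console.log(scanLockfile(sampleV1)); // two findings
console.log(scanLockfile(sampleV3)); // no findings
```

In a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `scanLockfile` and fail the build when the returned array is non-empty.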

Metadata

Created: 2018-11-26T23:58:21Z
Modified: 2021-09-15T20:08:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-mh6f-8j2x-4483/GHSA-mh6f-8j2x-4483.json
CWE IDs: ["CWE-506"]
Alternative ID: N/A
Finding: F448
Auto approve: 1