GHSA-38vq-cjh5-vw7x – nodes.js

Package

Manager: npm
Name: nodes.js
Vulnerable Version: <0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Malicious Package in nodes.js All versions of `nodes.js ` contain malicious code. The package searches and installs globally thousands of packages based on keywords `node`, `react`, `react-native`, `vue`, `angular` and `babel` to fill the system's memory. ## Recommendation Remove the package from your environment and validate what packages are installed.

Metadata

Created: 2020-09-03T18:13:41Z
Modified: 2021-09-30T20:04:09Z
Source: MANUAL
CWE IDs: ["CWE-506"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0