GHSA-fgp6-8g62-qx6w – smartsearchwp
Package
Manager: npm
Name: smartsearchwp
Vulnerable Version: <0
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: N/A
EPSS: N/A (percentile: N/A)
Details
Malicious Package in smartsearchwp

All versions of `smartsearchwp` contain malicious code. The package is malware intended to steal credentials from websites it is loaded in. It traverses DOM elements looking for fields such as `username` and `password` and uploads them to a remote server. The package also port-scans the local gateway and uploads the information to the remote server. It has a feature to fetch commands from the remote server and execute them with `eval`.

The npm security team's analysis found several bugs in the malware that prevent it from actually performing its actions. The malicious code is also not invoked upon installation or require; it would require transpiling the TypeScript code and using it in a website.

## Recommendation

Remove the package from your environment. There is no indication of further compromise.
Metadata
Created: 2020-09-03T17:01:45Z
Modified: 2021-09-30T21:58:23Z
Source: MANUAL
CWE IDs: ["CWE-506"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0