Risk | High |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | N/A |
CWE-ID | CWE-506 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
harmlesspackage Web applications / Modules and components for CMS |
Vendor | npm Inc. |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU23939
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-506 - Embedded Malicious Code
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor). The code has limited functionality and there is no evidence of further compromise.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsharmlesspackage: 0.0.1
External linkshttp://www.npmjs.com/advisories/1199
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.