Embedded malicious code (backdoor) in harmlesspackage - #VU23939
Published: January 6, 2020
Vulnerability identifier: #VU23939
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-506
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: npm Inc.
Affected software:
harmlesspackage
harmlesspackage
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor). The code has limited functionality and there is no evidence of further compromise.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.