PT-2018-19174 · Npm · Flatmap-Stream+1
Publicado
2018-11-26
·
Atualizado
2018-11-26
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
event-stream versions 3.3.6
flatmap-stream (affected versions not specified)
Description
A malicious package
flatmap-stream was added as a dependency to the NPM event-stream package. This issue affects users of event-stream who have version 3.3.6. Users are advised to take action to mitigate the risk.Recommendations
For event-stream version 3.3.6, downgrade to version 3.3.4 or upgrade to the latest 4.x version.
For flatmap-stream, remove the dependency entirely.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Event-Stream
Flatmap-Stream