PT-2018-6072 · Npm · D3.Js

Publicado

2018-06-04

·

Atualizado

2019-10-09

·

CVE-2017-16044

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: d3.js versions (affected versions not specified)
Description: The issue concerns a malicious module named d3.js that was published with the intent to hijack environment variables, effectively stealing them and sending the information to attacker-controlled locations. All versions of this package have been unpublished from the npm registry.
Recommendations: As a malicious package, if d3.js is found installed, the primary concern is determining its origin.
  1. Delete the d3.js package.
  2. Clear the npm cache.
  3. Ensure d3.js is not present in any other package.json files on the system.
  4. Regenerate registry credentials, tokens, and any sensitive credentials that may have been exposed via environment variables. Additionally, review services that may have been compromised due to exposed credentials, such as databases, for indicators of compromise.

Correção

RCE

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-506CWE-200

Identificadores relacionados

CVE-2017-16044
GHSA-QMJG-G86H-6RC9

Produtos afetados

D3.Js