PT-2018-6081 · Npm · Fabric-Js

Publicado

2018-06-04

Atualizado

2019-10-09

CVE-2017-16053

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: fabric-js versions all

Description: The issue concerns a malicious module named fabric-js that was published with the intent to hijack environment variables, effectively stealing them and sending the data to locations controlled by attackers. All versions of this module have been removed from the npm registry.

Recommendations: For all versions of fabric-js:

Delete the fabric-js package from your environment.
Clear your npm cache to ensure no remnants of the package remain.
Verify that fabric-js is not listed in any other package.json files on your system to prevent its accidental reinstallation.
Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been exposed through your environment variables. Additionally, review any services that may have been compromised via credentials in your environment variables, such as databases, for signs of unauthorized access.

Correção

RCE

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-506CWE-200

Identificadores relacionados

CVE-2017-16053

GHSA-V73M-FJXV-W4RH

Produtos afetados

Fabric-Js

PT-2018-6081 · Npm · Fabric-Js

CVE-2017-16053

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5