CVE-2017-16048

Name of the Vulnerable Software and Affected Versions: node-sqlite versions all

Description: The issue concerns a malicious module named node-sqlite that was published with the intent to hijack environment variables, effectively stealing them and sending the information to attacker-controlled locations. All versions of this package have been unpublished from the npm registry.

Recommendations: Delete the node-sqlite package from your environment. Clear your npm cache to ensure no remnants of the package remain. Verify that node-sqlite is not present in any other package.json files on your system to prevent its accidental reinstatement. Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been exposed via environment variables. Review any services that may have been compromised due to exposed credentials, such as databases, for indicators of compromise.