PT-2018-6086 · Npm · Gruntcli

Published

2018-06-07

Updated

2019-10-09

CVE-2017-16058

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: gruntcli (affected versions not specified)

Description: The gruntcli package is a piece of malware designed to steal environment variables and send them to attacker-controlled locations. All versions of this package have been unpublished from the npm registry. If installed, the primary security concern is determining how it was introduced into the environment.

Recommendations:

Delete the gruntcli package.
Clear your npm cache.
Ensure gruntcli is not present in any other package.json files on your system.
Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been exposed via environment variables. Additionally, review any services that may have been exposed via credentials in your environment variables for indicators of compromise.

Fix

RCE

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-506CWE-200

Related Identifiers

CVE-2017-16058

GHSA-9FG5-F5PJ-RWCC

Affected Products

Gruntcli

PT-2018-6086 · Npm · Gruntcli

CVE-2017-16058

Weakness Enumeration

Related Identifiers

Affected Products

References · 5