CVE-2017-16073

Name of the Vulnerable Software and Affected Versions: noderequest versions all

Description: The issue concerns a malicious module named noderequest that was published with the intent to hijack environment variables, sending them to attacker-controlled locations. All versions of this module have been unpublished from the npm registry.

Recommendations: Delete the noderequest package from your environment. Clear your npm cache. Ensure noderequest is not present in any other package.json files on your system. Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been present in your environment variables. Review any services exposed via credentials in your environment variables for indicators of compromise.