PT-2018-6104 · Npm · Proxy.Js
Published
2018-06-07
·
Updated
2019-10-09
·
CVE-2017-16076
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
proxy.js (affected versions not specified)
Description:
The issue concerns a malicious module named
proxy.js that was published with the intent to hijack environment variables, effectively stealing them and sending the data to attacker-controlled locations. All versions of this package have been unpublished from the npm registry. If this package is found installed in an environment, the primary security concern is determining how it was installed.Recommendations:
To address the issue, follow these steps:
- Delete the
proxy.jspackage. - Clear your npm cache.
- Ensure the package is not present in any other package.json files on your system.
- Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been exposed via environment variables. Additionally, review any services that may have been exposed via credentials in your environment variables for indicators of compromise.
Fix
RCE
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Proxy.Js