PT-2018-6154 · Npm · Botbait

Published

2018-06-07

Updated

2020-09-01

CVE-2017-16126

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: botbait (affected versions not specified)

Description: The module botbait is a tool used to track bot and automated tools usage within the npm ecosystem. It records and tracks user information, including source IP, process.versions, process.platform, and how the module was invoked.

Recommendations: Remove the botbait package from your environment if discovered, as it has no functional value.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-16126

GHSA-4R5X-QJQC-P579

Affected Products

Botbait

PT-2018-6154 · Npm · Botbait

CVE-2017-16126

Weakness Enumeration

Related Identifiers

Affected Products

References · 5