PT-2020-21134 · Npm · 1337Qq-Js
Published
2020-09-04
·
Updated
2020-09-04
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
1337qq-js versions (all versions)
Description
The issue concerns malicious code within the 1337qq-js package that targets UNIX systems. This code exfiltrates sensitive information, including environment variables, running processes, the contents of /etc/hosts, uname -a output, and the npmrc file, through install scripts.
Recommendations
Remove the 1337qq-js package from your system and rotate any compromised credentials.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
1337Qq-Js