Name of the Vulnerable Software and Affected Versions bignum versions 0.12.2 through 0.13.0

Description The issue concerns the use of node-pre-gyp to download pre-built binary versions of the addon. These binaries were previously hosted on an S3 bucket that has since expired and been claimed by a malicious third party. This malicious party is now serving binaries containing malware, which can exfiltrate data from the user's computer.

Recommendations For bignum versions 0.12.2 through 0.13.0, update to version 0.13.1, which does not use node-pre-gyp and avoids the risk of malicious downloads by not supporting pre-built binary downloads.