Vulnerabilities

 1 via 1 paths

Dependencies

 421

Source

 GitHub

Commit

 84add374

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 1
  • 13
Severity
  • 1
  • 13
Status
  • 14
  • 0
  • 0

critical severity
new

Malicious Package

  • Vulnerable module: color
  • Introduced through: color@5.0.1

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 color@5.0.1

Overview

color is a malicious package. This package version contains malicious code that listens for network traffic when run in the context of a browser and focuses on crypto transactions. The malicious code injected to the packages activates a hook whenever a Web3 wallet is present. Once activated the code intercepts and modifies any transaction with ETH value and points it to another address presumably controlled by the attacker. The malicious code also listens for swap/transfer transactions to tamper with as well.

Note:

This advisory is under ongoing investigation and can be updated with additional details.

Remediation

Avoid using all malicious instances of the color package.

References

Malicious Package vulnerability report

medium severity

MPL-2.0 license

  • Module: @dehoist/romanize-thai
  • Introduced through: @dehoist/romanize-thai@1.0.0

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @dehoist/romanize-thai@1.0.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-content
  • Introduced through: @ghostery/adblocker-electron-preload@2.11.6 and @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron-preload@2.11.6 @ghostery/adblocker-content@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @ghostery/adblocker-content@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker-electron-preload@2.11.6 @ghostery/adblocker-content@2.11.6

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-electron
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-electron-preload
  • Introduced through: @ghostery/adblocker-electron-preload@2.11.6 and @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron-preload@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker-electron-preload@2.11.6

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-extended-selectors
  • Introduced through: @ghostery/adblocker-electron-preload@2.11.6 and @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron-preload@2.11.6 @ghostery/adblocker-content@2.11.6 @ghostery/adblocker-extended-selectors@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @ghostery/adblocker-extended-selectors@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @ghostery/adblocker-content@2.11.6 @ghostery/adblocker-extended-selectors@2.11.6
  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker-electron-preload@2.11.6 @ghostery/adblocker-content@2.11.6 @ghostery/adblocker-extended-selectors@2.11.6

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/url-parser
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @ghostery/url-parser@1.3.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/guess-url-type
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/guess-url-type@2.1.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/small
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/small@2.1.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/smaz
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/smaz@2.2.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/smaz-compress
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/smaz@2.2.0 @remusao/smaz-compress@2.2.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/smaz-decompress
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/smaz@2.2.0 @remusao/smaz-decompress@2.2.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/trie
  • Introduced through: @ghostery/adblocker-electron@2.11.6

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#84add37441574e7c297dafa613c0e4f9bef94886 @ghostery/adblocker-electron@2.11.6 @ghostery/adblocker@2.11.6 @remusao/smaz@2.2.0 @remusao/smaz-compress@2.2.0 @remusao/trie@2.1.0

MPL-2.0 license

MPL-2.0 license vulnerability report