Malicious Package Affecting com.github.codingandcoding:maven-compiler-plugin package, versions [0,]
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-COMGITHUBCODINGANDCODING-1059413
- published 14 Jan 2021
- disclosed 13 Jan 2021
- credit Sonatype Security Research Team
How to fix?
Avoid using com.github.codingandcoding:maven-compiler-plugin
altogether.
Overview
com.github.codingandcoding:maven-compiler-plugin is a malicious package.
Affected versions of this package are vulnerable to Malicious Package.
Within the JAR of this component, the malicious code exists in the execute()
method of the CompilerMojo.class
file, which contains a hardcoded C2 server link.