Malicious Package

Affecting mysql-koa package, ALL versions

Do your applications use this vulnerable package? Test your applications

Overview

mysql-koa is not currently in use, but was formerly occupied by another package.

Affected versions of this package contain malicious code that uploads system information such as OS and hostname to a remote server.

Remediation

There is no fixed version for mysql-koa.

References

CVSS Score

9.8
high severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    High
  • Integrity
    High
  • Availability
    High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Credit
Tran Viet Quang
CWE
CWE-506
Snyk ID
SNYK-JS-MYSQLKOA-460526
Disclosed
30 Aug, 2019
Published
01 Sep, 2019