Malicious Package
Affecting discordi.js package, ALL versions
Overview
discordi.js is a malicious package that uses typosquatting to bait unknowing users into installing it.
Packages like this, which carry names similar to that of an original package, offer all the functionality of the original, but they also include a code snippet that sends your login tokens to Pastebin.
Remediation
Avoid usage of this package altogether.
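One way to check a project for this package, as an added example that is not part of the advisory: it walks a parsed `package-lock.json` and reports `discordi.js` plus any name within a small edit distance of the packages you intend to use. The `KNOWN_GOOD` list (here `discord.js`), the function names and the sample lockfile are assumptions constructed for illustration.

```javascript
const BLOCKLIST = new Set(['discordi.js']); // package named in this advisory
const KNOWN_GOOD = ['discord.js'];          // assumption: the packages you meant to install

// Levenshtein edit distance between two package names.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Collect every package name in a parsed package-lock.json. Lockfile v2/v3 has a flat
// "packages" map keyed by install path; v1 has nested "dependencies" objects.
function lockedNames(lock) {
  const names = new Set();
  for (const path of Object.keys(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx !== -1) names.add(path.slice(idx + 'node_modules/'.length));
  }
  const walk = (deps) => {
    for (const [name, meta] of Object.entries(deps || {})) { names.add(name); walk(meta.dependencies); }
  };
  walk(lock.dependencies);
  return names;
}

// Report blocklisted names and names within `maxDistance` edits of a known-good name.
function auditLock(lock, maxDistance = 2) {
  const findings = [];
  for (const name of lockedNames(lock)) {
    if (BLOCKLIST.has(name)) { findings.push({ name, reason: 'blocklisted' }); continue; }
    const near = KNOWN_GOOD.find((g) => g !== name && editDistance(name, g) <= maxDistance);
    if (near) findings.push({ name, reason: `resembles ${near}` });
  }
  return findings.sort((x, y) => x.name.localeCompare(y.name));
}
// Constructed sample lockfile (v1 layout); 'discrod.js' and 'example-bot-lib' are made-up names.
const SAMPLE_LOCK = { lockfileVersion: 1, dependencies: {
  'discord.js': {}, 'discrod.js': {},
  'example-bot-lib': { dependencies: { 'discordi.js': {} } },
} };
```

Calling `auditLock(SAMPLE_LOCK)` flags the nested `discordi.js` as blocklisted and the made-up `discrod.js` as a look-alike; a look-alike finding is a prompt for manual review, not proof of malice.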
CVSS Score
8.8 (high severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
- Credit: Unknown
- CVE: CVE-2017-16207
- CWE: CWE-506
- Snyk ID: npm:discordi.js:20171009
- Disclosed: 10 Oct, 2017
- Published: 19 Oct, 2017