getcookies contains a malicious backdoor.
The backdoor works by parsing the user-supplied HTTP request.headers, looking for specifically formatted data that provides three different commands to the backdoor:
- resetting the code buffer.
- executing code located in the buffer by calling
- loading remote code into memory for execution.
These control codes allowed an attacker to input arbitrary code into a running server and execute it.
The list of packages and their scripts is:
- express-cookies
- getcookies
- http-fetch-cookies
Avoid usage of this package altogether.
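One way to check a project for the packages listed above, as an added example that is not part of the original advisory: it walks a parsed package-lock.json (the nested v1 layout or the flat v2/v3 layout) and reports each flagged install together with the installed packages that declare a dependency on it. The sample lockfile, the package name example-mailer and all version numbers are constructed for illustration.

```javascript
// Package names copied from the advisory's list.
const FLAGGED = new Set(["express-cookies", "getcookies", "http-fetch-cookies"]);
const MARKER = "node_modules/";

// Flatten either lockfile layout into [{ name, version, location, requires }].
function listInstalled(lock) {
  const out = [];
  const add = (name, location, meta, requires) =>
    out.push({ name, version: meta.version || null, location, requires: Object.keys(requires || {}) });
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the root project.
    for (const [location, meta] of Object.entries(lock.packages)) {
      const idx = location.lastIndexOf(MARKER);
      if (location === "") add("(root project)", location, meta, meta.dependencies);
      else if (idx !== -1) add(location.slice(idx + MARKER.length), location, meta, meta.dependencies);
    }
    return out;
  }
  // lockfileVersion 1: nested tree; "requires" holds each package's declared deps.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const location = `${prefix}${MARKER}${name}`;
      add(name, location, meta, meta.requires);
      walk(meta.dependencies, `${location}/`);
    }
  };
  walk(lock.dependencies, "");
  return out;
}

// Report each flagged install and which installed packages declare a dependency on it.
function findFlagged(lock) {
  const installed = listInstalled(lock);
  return installed.filter((p) => FLAGGED.has(p.name)).map((p) => ({
    name: p.name,
    version: p.version,
    location: p.location,
    requiredBy: installed.filter((q) => q.requires.includes(p.name)).map((q) => q.name),
  }));
}

// Constructed sample lockfile ("example-mailer" and every version are made up).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "example-mailer": { version: "1.0.0", requires: { "http-fetch-cookies": "^1.0.0" } },
    "http-fetch-cookies": { version: "1.0.0", requires: { "express-cookies": "^1.0.0" } },
    "express-cookies": { version: "1.0.0", requires: { getcookies: "^1.0.0" } },
    getcookies: { version: "1.0.0" },
  },
};
console.log(findFlagged(sampleLock));
```

An empty requiredBy on a v1 lockfile means the package is either a direct dependency declared in package.json or is no longer required by anything installed.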
- Snyk ID
- 02 May, 2018
- 03 May, 2018