OSSIndex / vulns

Report missing advisories and corrections on OSS Index

DLL injection to coa #209

Closed blaky closed 1 year ago

blaky commented 3 years ago

To facilitate future automation, please use the following format

Advisory details

  URL: https://github.com/veged/coa/issues/99
  format: npm
  namespace: N/A
  name: coa
  versions: 2.1.1, 2.1.3, 2.0.3, 2.0.4, 3.0.3,

More information

Please see https://github.com/veged/coa/issues/99. It looks like someone published a "new" version of this unmaintained library and added a trojan DLL that executes malicious code on Windows machines. Since then, the version was removed from the public NPM repository, but the package could be cached on NPM proxy Nexus servers.
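
A lockfile check for the versions listed in the advisory details above, as an added example that is not part of the original issue: it walks a parsed package-lock.json (both the flat `packages` map and the nested `dependencies` tree) and returns every install path that pins coa at one of them. The helper name `findReportedCoa` and the sample lockfiles are constructed for illustration.

```javascript
// Versions of coa listed in the advisory details of this issue.
const REPORTED = new Set(["2.0.3", "2.0.4", "2.1.1", "2.1.3", "3.0.3"]);

// Hypothetical helper: list every install path in a parsed package-lock.json
// that pins coa at one of the reported versions.
function findReportedCoa(lock) {
  const hits = new Map(); // keyed by install path, so v2 lockfiles are not double-counted
  const check = (name, path, version) => {
    if (name === "coa" && REPORTED.has(version)) hits.set(path, { path, version });
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // "name" is only present when it differs from the folder name (aliases).
    check(meta.name || path.split("node_modules/").pop(), path, meta.version);
  }
  // lockfileVersion 1 (and the compatibility copy in version 2): nested tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + name;
      check(name, path, meta.version);
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return [...hits.values()];
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/coa": { version: "2.0.2" }, // version not listed in the issue
    "node_modules/svgo/node_modules/coa": { version: "2.0.3" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    svgo: { version: "1.3.2", dependencies: { coa: { version: "3.0.3" } } },
  },
};

console.log(findReportedCoa(sampleV3));
console.log(findReportedCoa(sampleV1));
```

For a real project, pass the result of `JSON.parse` on the contents of package-lock.json; a hit means the lockfile would still resolve that version from whatever registry or proxy cache serves it.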

TKr commented 3 years ago

There are also 2.1.1 and 2.0.4.


https://github.com/veged/coa/issues/101

blaky commented 2 years ago

More info on: https://github.com/advisories/GHSA-73qr-pfmq-6rp8

ken-duck commented 2 years ago

Thanks for the heads up. This has been added and should show in the public database by sometime tomorrow.