Description
The d3.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations.
All versions have been unpublished from the npm registry.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.0.2
References
Related Issues
- openssl.js is malware - CVE-2017-16065
- Regular Expression Denial of Service in marked - marked - CVE-2017-16114
- Denial of Service in mqtt - mqtt - CVE-2017-10910
- Modified package published to npm, containing malware that exfiltrates private key material - CVE-2024-54134
You might also like:
- Tags:
- npm
- d3.js
Anything's wrong? Let us know Last updated on September 11, 2023


