Description
The d3.js package is a piece of malware that steals environment variables and sends them to attacker-controlled locations.
All versions have been unpublished from the npm registry.
Recommendation
No fix is available yet. The following versions are affected:
- <= 1.0.2
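A check for the affected range above, as an added example that is not part of the original advisory: it looks for the `d3.js` package (as distinct from the legitimate `d3` library) in an already-parsed `package-lock.json`. The function names and the sample lockfile are constructed for illustration; the code assumes npm's `packages` (lockfileVersion 2/3) and nested `dependencies` (lockfileVersion 1) layouts.

```javascript
const BAD_NAME = "d3.js";          // from the advisory; the legitimate library is "d3"
const MAX_BAD = [1, 0, 2];         // advisory: versions <= 1.0.2 are affected

// Compare "x.y.z" against MAX_BAD; unparseable versions are treated as affected.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version || "");
  if (!m) return true;
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== MAX_BAD[i]) return n < MAX_BAD[i];
  }
  return true; // exactly 1.0.2
}

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function scanPackages(packages, hits) {
  for (const [path, meta] of Object.entries(packages || {})) {
    if (path === "") continue; // root entry describes the project itself
    const name = meta.name || path.split("node_modules/").pop(); // meta.name covers aliases
    if (name === BAD_NAME) hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
  }
}

// lockfileVersion 1: nested "dependencies" tree.
function scanDependencies(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = prefix + "node_modules/" + name;
    if (name === BAD_NAME) hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
    scanDependencies(meta.dependencies, path + "/", hits);
  }
}

function findD3js(lock) {
  const hits = [];
  if (lock.packages) scanPackages(lock.packages, hits);
  else scanDependencies(lock.dependencies, "", hits);
  return hits;
}

// Constructed sample lockfile: "d3" is the real library, "d3.js" is the flagged package.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.1.0" },
    "node_modules/d3": { version: "7.8.5" },
    "node_modules/some-dep/node_modules/d3.js": { version: "1.0.1" },
  },
};
console.log(findD3js(sampleLock));
```

Because the package steals environment variables, a hit means any secrets exposed to the install or runtime environment should be treated as compromised and rotated.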
Tags:
- npm
- d3.js
Last updated on September 11, 2023