Description

node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

Remediation

References

https://nodesecurity.io/advisories/506

Related Vulnerabilities

CVE-2021-23567 Vulnerability in npm package colors

CVE-2021-39133 Vulnerability in maven package org.rundeck:rundeck

CVE-2016-5005 Vulnerability in maven package org.apache.archiva:archiva

CVE-2019-20364 Vulnerability in maven package org.igniterealtime.openfire:xmppserver

CVE-2017-7678 Vulnerability in maven package org.apache.spark:spark-core_2.11

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory