Description

`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

Remediation

References

CVE-2017-16044

Related Vulnerabilities

WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.14)

WordPress Same Origin Method Execution (SOME) Vulnerability (0.70 - 3.7.13)

Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-6872)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5406)

Joomla Cross-Site Request Forgery (CSRF) (CVE-2021-26033)

Severity

High

Classification

CVE-2017-16044 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities