Homepage About Snyk

Malicious Package Affecting @aws-cdk-example-dynamic-web-config/shared Open this link in a new tab package, versions *

0.0
medium

  • Exploit Maturity

    Mature

  • Attack Complexity

    Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

  • snyk-id

    SNYK-JS-AWSCDKEXAMPLEDYNAMICWEBCONFIGSHARED-2807075

  • published

    3 May 2022

  • disclosed

    3 May 2022

  • credit

    unknown

Report a new vulnerability Found a mistake?

Introduced: 3 May 2022

New Malicious CWE-506 Open this link in a new tab

How to fix?

Avoid using @aws-cdk-example-dynamic-web-config/shared altogether.

Overview

@aws-cdk-example-dynamic-web-config/shared is a malicious package. It exfiltrates user information such as env variables, operating system, and hostname.

References