Malicious Package Affecting epress package, versions =4.13.2
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-EPRESS-174910
- published 5 Jun 2019
- disclosed 4 Jun 2019
- credit npm security
How to fix?
Avoid using epress
altogether.
Overview
epress is a malicious package.
The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. Upon require the package attempts to start a cryptocurrency miner using coin-hive.
References
CVSS Scores
version 3.1