<p>Avoid using all malicious instances of the <code>ganache-core-coverage</code> package.</p>

Malicious Package Affecting ganache-core-coverage package, versions *

Threat Intelligence

Mature

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-GANACHECORECOVERAGE-2434316
published 28 Mar 2022
disclosed 28 Mar 2022
credit Tianwen

Report a new vulnerability Found a mistake?

Introduced: 28 Mar 2022

Malicious CWE-506 Open this link in a new tab

How to fix?

Avoid using all malicious instances of the ganache-core-coverage package.

Overview

ganache-core-coverage is a malicious package. This package contained malicious code that leaks sensitive information and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

High

Malicious Package Affecting ganache-core-coverage package, versions *

Severity

CVSS assessment made by Snyk's Security Team

Threat Intelligence

Introduced: 28 Mar 2022

How to fix?

Overview

CVSS Scores

Snyk