Malicious Package Affecting hulp package, versions *
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-HULP-174889
- published 4 Jun 2019
- disclosed 3 Jun 2019
- credit NPM Security
How to fix?
Avoid using hulp
altogether.
Overview
hulp is a malicious package.
The package contains malicious code as a preinstall script. When installed, the package calls home to a Command and Control server to execute arbitrary commands.
References
CVSS Scores
version 3.1