<p>Avoid using all malicious instances of the <code>@pornhub/alerts</code> package.</p>

Malicious Package Affecting @pornhub/alerts package, versions *

Snyk CVSS

Attack Complexity Low

Confidentiality High

Threat Intelligence

Exploit Maturity Mature

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-PORNHUBALERTS-1920927
published 14 Nov 2021
disclosed 14 Nov 2021
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 14 Nov 2021

Malicious CWE-506 Open this link in a new tab

How to fix?

Avoid using all malicious instances of the @pornhub/alerts package.

Overview

@pornhub/alerts is a malicious package. Malicious code embedded into the package enumerates the system it is installed on. Attacker's payload is executed automatically upon installation and data is sent via DNS tunneling to the domain .ex.neversummer.xyz.

References

Malicious Code