Malicious Package Affecting requestt package, versions *
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Integrity
High
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-REQUESTT-174673
- published 14 May 2019
- disclosed 6 May 2019
- credit Nathan Doak
How to fix?
Avoid using requestt
altogether.
Overview
requestt is a malicious package.
When installed through a typosquatting attack, the package will extract and upload information to a remote server including name of the downloaded package, name of the intended package, the Node version and whether the process was running as sudo.