CVE-2017-16127

EPSS 0.32%
Veröffentlicht 07.06.2018 02:29:03
Zuletzt bearbeitet 21.11.2024 03:15:52
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

The module pandora-doomsday infects other modules. It's since been unpublished from the registry.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pandora-doomsday Project ≫ Pandora-doomsday Version0.0.1 SwPlatformnode.js

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.546

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-509 Replicating Malicious Code (Virus or Worm)

Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or the product.

https://nodesecurity.io/advisories/482

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-16127

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16127

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16127

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-16127