This repository has been archived by the owner on Jan 19, 2023. It is now read-only.

DLL injection to coa #209

Closed
blaky opened this issue Nov 4, 2021 · 3 comments
Labels
advisory An advisory missing from the OSS Index database

Comments


blaky commented Nov 4, 2021

To facilitate future automation, please use the following format

Advisory details

  URL: https://github.com/veged/coa/issues/99
  format: npm
  namespace: N/A
  name: coa
  versions: 2.1.1, 2.1.3, 2.0.3, 2.0.4, 3.0.3,

More information
Please see veged/coa#99, it looks like someone published a "new" version of this unmaintained library and added a trojan DLL that executes malicious code on Windows machines. Since then, the version was removed from the public NPM repository, but the package could be cached on NPM proxy Nexus servers.

blaky added the advisory label Nov 4, 2021

TKr commented Nov 4, 2021

there are also
2.1.1 and 2.0.4

veged/coa#101

Author

blaky commented Nov 4, 2021

More info on: GHSA-73qr-pfmq-6rp8

Contributor

ken-duck commented Nov 5, 2021

Thanks for the heads up. This has been added and should show in the public database by sometime tomorrow.
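
For checking whether a project pinned one of the versions listed in this issue, the following is an added example (not part of the original thread or of the OSS Index project). It scans a parsed `package-lock.json` for `coa` entries at those versions and reports the `resolved` URL, which shows which registry or proxy served the tarball; the sample lockfile and the `nexus.example.internal` host are constructed.

```javascript
// Added example. Versions are the ones listed under "Advisory details" in this issue.
const FLAGGED_COA_VERSIONS = new Set(["2.1.1", "2.1.3", "2.0.3", "2.0.4", "3.0.3"]);

// Walk a parsed package-lock.json and return every pinned coa entry whose
// version is in the flagged set. Handles both lockfile layouts.
function findFlaggedCoa(lock, flagged = FLAGGED_COA_VERSIONS) {
  const hits = [];
  const record = (path, entry) => {
    if (entry && flagged.has(entry.version)) {
      hits.push({ path, version: entry.version, resolved: entry.resolved || null });
    }
  };

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/coa" || path.endsWith("/node_modules/coa")) {
      record(path, entry);
    }
  }

  // lockfileVersion 1 (and the compatibility tree in v2): nested "dependencies".
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      // Skip paths already reported from the "packages" map.
      if (name === "coa" && !hits.some((h) => h.path === path)) record(path, entry);
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project); the proxy host is a placeholder.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/coa": { version: "2.0.2", resolved: "https://registry.npmjs.org/coa/-/coa-2.0.2.tgz" },
    "node_modules/svgo/node_modules/coa": { version: "2.0.4", resolved: "https://nexus.example.internal/repository/npm-proxy/coa/-/coa-2.0.4.tgz" },
  },
  dependencies: {
    coa: { version: "2.0.2" },
    svgo: { version: "1.3.2", dependencies: { coa: { version: "2.0.4" } } },
  },
};

console.log(findFlaggedCoa(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on the contents of that project's `package-lock.json` to `findFlaggedCoa`.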
