Description

`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

Remediation

References

https://nodesecurity.io/advisories/497

Related Vulnerabilities

CVE-2023-37944 Vulnerability in maven package org.datadog.jenkins.plugins:datadog

CVE-2012-0393 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2021-28092 Vulnerability in maven package org.webjars.npm:is-svg

CVE-2016-11023 Vulnerability in maven package org.odata4j:odata4j-core

CVE-2017-7957 Vulnerability in maven package org.sonatype.nexus.xstream:xstream

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory