Description

discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.

Remediation

References

https://nodesecurity.io/advisories/545

Related Vulnerabilities

CVE-2020-2174 Vulnerability in maven package org.jenkins-ci.plugins:awseb-deployment-plugin

CVE-2017-2650 Vulnerability in maven package cprice404:pipeline-classpath

CVE-2018-1000068 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2019-5448 Vulnerability in maven package org.webjars.npm:yarn

CVE-2019-5413 Vulnerability in maven package org.webjars.npm:morgan

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Third Party Advisory NVD-CWE-noinfo