Description

`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

Remediation

References

CVE-2017-16044

Related Vulnerabilities

Envoy Proxy CVE-2019-18802 Vulnerability (CVE-2019-18802)

WordPress Plugin FL3R FeelBox Multiple Vulnerabilities (8.1)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43941)

WordPress Plugin Spectra-WordPress Gutenberg Blocks Cross-Site Scripting (1.14.11)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler PHP Object Injection (5.0.0)

Severity

High

Classification

CVE-2017-16044 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities