How severe is CVE-2017-16202?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2017-16202?

This is classified as CWE-506, which is a common weakness in software security.

CVE-2017-16202

HIGH Year: 2017

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-506

View all →

Vulnerability Description

The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

CVE-2017-16044

HIGH

CVSS:7.5(High)

`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CWE-5062017

CVE-2017-16045

HIGH

CVSS:7.5(High)

`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CWE-5062017

CVE-2017-16046

HIGH

CVSS:7.5(High)

`mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CWE-5062017

CVE-2017-16047

HIGH

CVSS:7.5(High)

mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CWE-5062017

CVE-2017-16048

HIGH

CVSS:7.5(High)

`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CWE-5062017

CVE-2017-16049

HIGH

CVSS:7.5(High)

`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CWE-5062017

CVE-2017-16202

Vulnerability Description

Related Vulnerabilities

CVE-2017-16044

CVE-2017-16045

CVE-2017-16046

CVE-2017-16047

CVE-2017-16048

CVE-2017-16049