node-openssl_project/node-openssl: The latest CVE Vulnerabilities and Exploits for Penetration Test
Page content
node-openssl_project/node-openssl Vulnerability Summary
- Vendor name: node-openssl_project
- Product name: node-openssl
- Total vulnerabilities: 1 (as 2023-05-04)
node-openssl_project/node-openssl Vulnerability List
CVE-2017-16064: node-openssl was a malicious module published with the intent to hijack environment variables. It…
Published: 2018-06-07T02:29:00 Last Modified: 2019-10-09T23:24:00
Summary
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2017-16064 vulnerability.
References
See also: All popular products CVE Vulnerabilities of node-openssl_project