CVE-2017-16207
discordi.js is malware
7.3
HIGH
CVSS 3.1
EPSS 0.20%
Description
The `discordi.js` package is malware that attempts to discover and exfiltrate a user's [Discord](https://discordapp.com/) credentials, sending them to pastebin. All versions have been unpublished from the npm registry.

## Recommendation

Do not install / use this module. It has been unpublished from the npm registry but may exist in some caches. Any users that logged into Discord using this library will need to change their credentials.
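How to fix CVE-2017-16207
No patched version has been released yet. Consider removing the affected package, or refer to the upstream advice in the links below.
- No patched version listed
Is CVE-2017-16207 being exploited?
Low: EPSS is 0.2%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)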
- from 0, <= 14.0.3
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |