Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/bitcoijns-lib@0.0.1-security
Typenpm
Namespace
Namebitcoijns-lib
Version0.0.1-security
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-scqe-e1x8-9qf3
vulnerability_id VCID-scqe-e1x8-9qf3
summary 
Malicious Package
All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.

The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
references
0
reference_url https://www.npmjs.com/advisories/1362
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1362
1
reference_url https://github.com/advisories/GHSA-37vc-gwvp-6cgv
reference_id GHSA-37vc-gwvp-6cgv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-37vc-gwvp-6cgv
fixed_packages
aliases GHSA-37vc-gwvp-6cgv, GMS-2020-110
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scqe-e1x8-9qf3
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/bitcoijns-lib@0.0.1-security