{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41676?format=json","vulnerability_id":"VCID-g3e8-ey1w-77dv","summary":"Embedded Malicious Code\nThis version of coa can be used to steal credentials.","aliases":[{"alias":"GMS-2021-3"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://www.rapid7.com/blog/post/2021/11/05/new-npm-library-hijacks-coa-and-rc/","reference_id":"","reference_type":"","scores":[],"url":"https://www.rapid7.com/blog/post/2021/11/05/new-npm-library-hijacks-coa-and-rc/"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":506,"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g3e8-ey1w-77dv"}