Search criteria
6 vulnerabilities found for node-opencv by node-opencv_project
FKIE_CVE-2019-10061
Vulnerability from fkie_nvd - Published: 2019-03-26 01:29 - Updated: 2024-11-21 04:18
Severity
Summary
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563 | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.npmjs.com/advisories/789 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.npmjs.com/advisories/789 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| node-opencv_project | node-opencv | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:node-opencv_project:node-opencv:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "D01AD13A-467B-4B1D-A08A-F2EF83839870",
"versionEndExcluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands."
},
{
"lang": "es",
"value": "utils/find-opencv.js in node-opencv (tambi\u00e9n conocido como enlaces de OpenCV para Node.js), en versiones anteriores a la 6.1.0, es vulnerable a la inyecci\u00f3n de comandos. No valida la entrada de usuario permitiendo, as\u00ed, que los atacantes ejecuten comandos arbitrarios."
}
],
"id": "CVE-2019-10061",
"lastModified": "2024-11-21T04:18:18.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T01:29:00.710",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.npmjs.com/advisories/789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.npmjs.com/advisories/789"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-16067
Vulnerability from fkie_nvd - Published: 2018-06-07 02:29 - Updated: 2024-11-21 03:15
Severity
Summary
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
References
| URL | Tags | ||
|---|---|---|---|
| support@hackerone.com | https://nodesecurity.io/advisories/506 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodesecurity.io/advisories/506 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| node-opencv_project | node-opencv | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:node-opencv_project:node-opencv:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "2BC68299-3E7B-48B8-8608-91858D2FE96C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
},
{
"lang": "es",
"value": "node-opencv era un m\u00f3dulo malicioso publicado para secuestrar variables de entorno. Ha sido retirado por npm."
}
],
"id": "CVE-2017-16067",
"lastModified": "2024-11-21T03:15:45.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-07T02:29:00.660",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/506"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-506"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-10061 (GCVE-0-2019-10061)
Vulnerability from cvelistv5 – Published: 2019-03-26 00:07 – Updated: 2024-08-04 22:10
VLAI
Summary
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.npmjs.com/advisories/789 | x_refsource_MISC |
| https://github.com/peterbraden/node-opencv/commit… | x_refsource_MISC |
| https://github.com/peterbraden/node-opencv/commit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/advisories/789"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T00:17:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/advisories/789"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.npmjs.com/advisories/789",
"refsource": "MISC",
"url": "https://www.npmjs.com/advisories/789"
},
{
"name": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b",
"refsource": "MISC",
"url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
},
{
"name": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563",
"refsource": "MISC",
"url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10061",
"datePublished": "2019-03-26T00:07:20.000Z",
"dateReserved": "2019-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:09.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16067 (GCVE-0-2017-16067)
Vulnerability from cvelistv5 – Published: 2018-06-07 02:00 – Updated: 2024-09-16 17:14
VLAI
Summary
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Severity
No CVSS data available.
CWE
- CWE-506 - Embedded Malicious Code (CWE-506)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://nodesecurity.io/advisories/506 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HackerOne | node-opencv node module |
Affected:
All versions
|
Date Public
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:13:07.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/506"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-opencv node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-506",
"description": "Embedded Malicious Code (CWE-506)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T01:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/506"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-opencv node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Embedded Malicious Code (CWE-506)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/506",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/506"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-16067",
"datePublished": "2018-06-07T02:00:00.000Z",
"dateReserved": "2017-10-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:14:25.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10061 (GCVE-0-2019-10061)
Vulnerability from nvd – Published: 2019-03-26 00:07 – Updated: 2024-08-04 22:10
VLAI
Summary
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.npmjs.com/advisories/789 | x_refsource_MISC |
| https://github.com/peterbraden/node-opencv/commit… | x_refsource_MISC |
| https://github.com/peterbraden/node-opencv/commit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/advisories/789"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T00:17:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/advisories/789"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.npmjs.com/advisories/789",
"refsource": "MISC",
"url": "https://www.npmjs.com/advisories/789"
},
{
"name": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b",
"refsource": "MISC",
"url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
},
{
"name": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563",
"refsource": "MISC",
"url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10061",
"datePublished": "2019-03-26T00:07:20.000Z",
"dateReserved": "2019-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:09.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16067 (GCVE-0-2017-16067)
Vulnerability from nvd – Published: 2018-06-07 02:00 – Updated: 2024-09-16 17:14
VLAI
Summary
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Severity
No CVSS data available.
CWE
- CWE-506 - Embedded Malicious Code (CWE-506)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://nodesecurity.io/advisories/506 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HackerOne | node-opencv node module |
Affected:
All versions
|
Date Public
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:13:07.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/506"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-opencv node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-506",
"description": "Embedded Malicious Code (CWE-506)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T01:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/506"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-opencv node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Embedded Malicious Code (CWE-506)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/506",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/506"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-16067",
"datePublished": "2018-06-07T02:00:00.000Z",
"dateReserved": "2017-10-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:14:25.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}