Embedded Malicious Code in coa

Cxb5dfb167-23a8

High

10/10

Summary

The npm package coa had versions published with malicious code. Users of affected versions (2.0.3 and above) should downgrade to 2.0.2 as soon as possible and check their systems for suspicious activity.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-506 - Embedded Malicious Code

The application contains code that appears to be malicious in nature.

References

Advisory
Issue
VirusTotal scan

Advisory Timeline

Published Nov 04, 2021

Embedded Malicious Code in coa

Cxb5dfb167-23a8

Summary

CWE-506 - Embedded Malicious Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS