5 RCEs in npm for $15,000
Tags
attack-pattern: Direct Software - T1592.002 Vulnerabilities - T1588.006 Sudo - T1169
Show in Graph
Common Information
Type Value
UUID dde35aee-a384-4e2b-8b9e-57ccdf661693
Fingerprint 8a07983de7255bc1
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 20, 2021, midnight
Added to db Jan. 18, 2023, 10:20 p.m.
Last updated Nov. 17, 2024, 12:55 p.m.
Headline 5 RCEs in npm for $15,000
Title 5 RCEs in npm for $15,000
Detected Hints/Tags/Attributes 53/1/24
Source URLs
Redirection Url
Details Source https://robertchen.cc/blog/2021/09/20/npm-rce
URL Provider
Details Provider Source level domain
Details robertchen.cc robertchen.cc
Attributes
Details Type #Events CTI Value
Details CVE 2 
cve-2021-32804
Details CVE 2 
cve-2021-32803
Details CVE 3 
cve-2021-37701
Details CVE 3 
cve-2021-37712
Details CVE 2 
cve-2021-37713
Details CVE 1 
cve-2021-39134
Details CVE 4 
cve-2019-16776
Details Domain 1 
robertchen.cc
Details Domain 5 
registry.npmjs.org
Details Domain 78 
attacker.com
Details File 1 
unpack.js
Details File 1 
mkdir.js
Details File 1 
winchars.js
Details File 1 
path-reservations.js
Details File 1 
strip-absolute-path.js
Details File 1 
test-path-resolve.js
Details File 1 
poc.tar
Details File 1 
dircache.key
Details File 1 
cache.key
Details File 3 
package.tar
Details sha1 1 
9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
Details sha1 1 
53602669f58ddbeb3294d7196b3320aaaed22728
Details sha1 1 
23312ce7db8a12c78d0fba96d7664a01619266a3
Details Url 1 
https://attacker.com/package.tar.gz