Malicious Package in js-sha7
Critical severity
GitHub Reviewed
Published
Sep 3, 2020
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Description
Reviewed
Aug 31, 2020
Published to the GitHub Advisory Database
Sep 3, 2020
Last updated
Jan 9, 2023
Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.
Recommendation
Remove the package from your environment. Ensure no Ethereum funds were compromised.
References