VYPR

CWE-506

Embedded Malicious Code

ClassIncomplete

Description

The product contains code that appears to be malicious in nature.

Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-442 · CAPEC-448 · CAPEC-636

CVEs mapped to this weakness (82)

page 3 of 5
  • CVE-2017-16075HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16074HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16073HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16072HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16071HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16070HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16069HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16068HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16067HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16066HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16065HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16064HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16063HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16060HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16059HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16058HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16057HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16056HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16055HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16054HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.