VYPR

CWE-506

Embedded Malicious Code

Class · Incomplete

Description

The product contains code that appears to be malicious in nature.

Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.

Related attack patterns (CAPEC)

CAPEC-442 · CAPEC-448 · CAPEC-636

CVEs mapped to this weakness (82)

page 5 of 5
  • CVE-2022-23812 · Mar 16, 2022
    risk 0.00 · cvss · epss 0.04

    This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code that targets users with IP addresses located in Russia or Belarus and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead of having malicious code…

  • CVE-2019-19771 · Dec 12, 2019
    risk 0.00 · cvss · epss 0.01

    The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.