CNNVD-202509-1987 Information
CNNVD ID
CNNVD-202509-1987
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
node-is-arrayish是Josh Junon个人开发者的一个代码库。 node-is-arrayish 0.3.3版本存在安全漏洞,该漏洞源于钓鱼攻击导致账户被接管,植入的恶意代码可能重定向浏览器环境中的加密货币交易。
Description (English)
Node-is-arrayish is a code library of Josh Junon’s personal developers. Node-is-arrayish version 0.3.3 contains a security loophole, which stems from the fact that the account was taken over as a result of a fishing attack and that the malware code that was implanted could be redirected into the environment of the browser for encrypted currency transactions.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-09-15
Last Modified
2026-02-24
References
https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack https://github.com/Qix-/node-is-arrayish/security/advisories/GHSA-frh7-2f84-v9mw https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised https://www.ox.security/blog/npm-packages-compromised https://github.com/debug-js/debug/issues/1005
Patch
https://github.com/Qix-/node-is-arrayish/releases
Share on: