CNNVD-202509-1990 Information
CNNVD ID
CNNVD-202509-1990
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
node-error-ex是Josh Junon个人开发者的一个库。 node-error-ex 1.3.3版本存在安全漏洞,该漏洞源于钓鱼攻击导致账户被接管,恶意版本包含特制有效载荷,可能重定向浏览器环境中的加密货币交易。
Description (English)
Node-error-ex is a library of Josh Junon’s personal developers. Node-error-ex 1.3.3 has a security loophole, resulting from a fishing attack that led to the taking over of the account, a malicious version that contains a specially designed payload and a possible redirected browser environment for encrypted currency transactions.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-09-15
Last Modified
2026-02-24
References
https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised https://www.ox.security/blog/npm-packages-compromised https://github.com/Qix-/node-error-ex/security/advisories/GHSA-6jp5-hh4c-8c5h https://github.com/debug-js/debug/issues/1005
Patch
https://github.com/Qix-/node-error-ex/releases
Share on: