CNNVD-202509-1993 Information
CNNVD ID
CNNVD-202509-1993
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
debug是Debug.js开源的一个以 Node.js 核心调试技术为模型的小型 JavaScript 调试实用程序。 debug 4.4.2版本存在安全漏洞,该漏洞源于钓鱼攻击导致账户被接管,恶意软件可能重定向加密货币交易。
Description (English)
Debug is a small JavaScript debug application modelled on the Node.js core debugging technique from the open source of Debug.js. There is a security loophole in version debug 4.4.2, which stems from the fact that the account was taken over as a result of a fishing attack and that malicious software could be redirected to encrypted currency transactions.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Debug.js
Published
2025-09-15
Last Modified
2026-02-24
References
https://github.com/debug-js/debug/security/advisories/GHSA-4x49-vf9v-38px https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised https://www.ox.security/blog/npm-packages-compromised https://github.com/debug-js/debug/issues/1005
Patch
https://github.com/debug-js/debug/releases
Share on: