Home
Docs
GitHub
Pricing
Blog
Log In

Run Sandworm Audit for your App

Get started
⚠️ This package seems to have critical severity install script vulnerabilities

Affected script: "install-scripts:preinstall"

The script uses curl to send the contents of the '/etc/passwd' file to a remote server. The $(hostname) part dynamically gets the hostname of the system and constructs a URL with it, which is a domain that likely belongs to an attacker. This can leak user information stored in '/etc/passwd', which is a sensitive file containing user account information. The URL suggests the use of a domain generating algorithm or a subdomain for exfiltration, typically used in command and control infrastructure (C2) or for data exfiltration in a security breach. This is a serious security vulnerability as it could lead to information disclosure and potentially be part of a larger attack.

Generated on Feb 22, 2024 via pnpm

@atea/common-design-components 67001.0.1

hello_atea_again
Package summary
Share
4
issues
2
critical severity
vulnerability
2
1
high severity
meta
1
1
moderate severity
meta
1
1
license
1
ISC
Package created
10 Nov 2023
Version published
10 Nov 2023
Maintainers
1
Total deps
1
Direct deps
0
License
ISC

Issues

4

2 critical severity issues

critical
Recommendation: None
via: @atea/common-design-components@67001.0.1
Recommendation: None
via: @atea/common-design-components@67001.0.1
Collapse
Expand

1 high severity issue

high
via: @atea/common-design-components@67001.0.1
Collapse
Expand

1 moderate severity issue

moderate
via: @atea/common-design-components@67001.0.1
Collapse
Expand

Licenses

ISC License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
Cannot
hold-liable
Must
include-copyright
include-license
1 Packages, Including:
@atea/common-design-components@67001.0.1
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

0
All Dependencies CSV
β“˜ This is a list of @atea/common-design-components 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities

Visualizations

All Versions