Affected script: "install-scripts:preinstall"
The script uses curl, a tool for transferring data, to send the content of '/etc/passwd' to a remote server. The hostname command is used to dynamically generate a subdomain target based on the local machine's hostname, making it a unique endpoint for data exfiltration. The domain it is sent to seems to be for a service (oastify.com) that could be used for out-of-band application security testing, but in this context, it is being abused to exfiltrate the contents of the passwd file which contains user account information. This is a serious security issue because it could leak sensitive information about user accounts on the system.
@atea/warranty-form
's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.Name | Version | Size | License | Type | Vulnerabilities |
---|