You are here

Home › Malicious Code in NPM Package 'event-stream'

Malicious Code in NPM Package 'event-stream'

Submitted on 27. November 2018 - 14:33 by Anonymous (not verified).
Last update on 18. August 2020 - 16:43.
Keywords: 
npm, event-stream, malicious code
Description: 

Malicious code was found in the NPM package 'event-stream' , which is widely used. The code appears to focus on stealing bitcoins.

Airlock Suite (IAM and WAF) is not affected, as the affected version of 'event-stream' is not used.

If you are using 'event-stream' version 3.3.6 in your web application, we recommend to revert to version 3.3.4.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required
Reference: 
Article on heise.de
More details on the snyk blog
© Ergon Informatik AG