CWE-509
AllowedReplicating Malicious Code (Virus or Worm)
Abstraction: Base · Status: Incomplete
Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or the product.
2 vulnerabilities reference this CWE, most recent first.
CVE-2017-16127 (GCVE-0-2017-16127)
Vulnerability from cvelistv5 – Published: 2018-06-07 02:00 – Updated: 2024-09-16 22:51- CWE-509 - Replicating Malicious Code (Virus or Worm) (CWE-509)
| URL | Tags |
|---|---|
| https://nodesecurity.io/advisories/482 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| HackerOne | pandora-doomsday node module |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:13:07.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/482"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pandora-doomsday node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The module pandora-doomsday infects other modules. It\u0027s since been unpublished from the registry."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-509",
"description": "Replicating Malicious Code (Virus or Worm) (CWE-509)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T01:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/482"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pandora-doomsday node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The module pandora-doomsday infects other modules. It\u0027s since been unpublished from the registry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Replicating Malicious Code (Virus or Worm) (CWE-509)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/482",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/482"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-16127",
"datePublished": "2018-06-07T02:00:00.000Z",
"dateReserved": "2017-10-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:51:09.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-428F-MH7W-6W2X
Vulnerability from github – Published: 2020-09-01 18:56 – Updated: 2023-09-07 20:44The pandora-doomsday package is a malicious package that adds itself to the package.json of other packages discovered on the victim host and attempts to publish the package.
It has been removed from the npm registry.
Recommendation
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.
The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "pandora-doomsday"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-16127"
],
"database_specific": {
"cwe_ids": [
"CWE-509"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:24:50Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "The `pandora-doomsday` package is a malicious package that adds itself to the package.json of other packages discovered on the victim host and attempts to publish the package. \n\nIt has been removed from the npm registry.\n\n\n## Recommendation\n\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.\n\nThe package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.",
"id": "GHSA-428f-mh7w-6w2x",
"modified": "2023-09-07T20:44:28Z",
"published": "2020-09-01T18:56:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16127"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/482"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "pandora-doomsday is malware"
}
Mitigation
Antivirus software scans for viruses or worms.
Mitigation
Always verify the integrity of the software that is being installed.
No CAPEC attack patterns related to this CWE.