Common Weakness Enumeration

CWE-509

Allowed

Replicating Malicious Code (Virus or Worm)

Abstraction: Base · Status: Incomplete

Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or the product.

2 vulnerabilities reference this CWE, most recent first.

CVE-2017-16127 (GCVE-0-2017-16127)

Vulnerability from cvelistv5 – Published: 2018-06-07 02:00 – Updated: 2024-09-16 22:51
VLAI
Summary
The module pandora-doomsday infects other modules. It's since been unpublished from the registry.
Severity
No CVSS data available.
CWE
  • CWE-509 - Replicating Malicious Code (Virus or Worm) (CWE-509)
Assigner
References
URL Tags
https://nodesecurity.io/advisories/482 x_refsource_MISC
Impacted products
Date Public
2018-04-26 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:13:07.211Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nodesecurity.io/advisories/482"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pandora-doomsday node module",
          "vendor": "HackerOne",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "datePublic": "2018-04-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The module pandora-doomsday infects other modules. It\u0027s since been unpublished from the registry."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-509",
              "description": "Replicating Malicious Code (Virus or Worm) (CWE-509)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-07T01:57:01.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nodesecurity.io/advisories/482"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "DATE_PUBLIC": "2018-04-26T00:00:00",
          "ID": "CVE-2017-16127",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "pandora-doomsday node module",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HackerOne"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The module pandora-doomsday infects other modules. It\u0027s since been unpublished from the registry."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Replicating Malicious Code (Virus or Worm) (CWE-509)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nodesecurity.io/advisories/482",
              "refsource": "MISC",
              "url": "https://nodesecurity.io/advisories/482"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2017-16127",
    "datePublished": "2018-06-07T02:00:00.000Z",
    "dateReserved": "2017-10-29T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:51:09.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-428F-MH7W-6W2X

Vulnerability from github – Published: 2020-09-01 18:56 – Updated: 2023-09-07 20:44
VLAI
Summary
pandora-doomsday is malware
Details

The pandora-doomsday package is a malicious package that adds itself to the package.json of other packages discovered on the victim host and attempts to publish the package.

It has been removed from the npm registry.

Recommendation

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.

The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "pandora-doomsday"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-16127"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-509"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:24:50Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "The `pandora-doomsday` package is a malicious package that adds itself to the package.json of other packages discovered on the victim host and attempts to publish the package. \n\nIt has been removed from the npm registry.\n\n\n## Recommendation\n\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.\n\nThe package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.",
  "id": "GHSA-428f-mh7w-6w2x",
  "modified": "2023-09-07T20:44:28Z",
  "published": "2020-09-01T18:56:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16127"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/482"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "pandora-doomsday is malware"
}

Mitigation
Operation

Antivirus software scans for viruses or worms.

Mitigation
Installation

Always verify the integrity of the software that is being installed.

No CAPEC attack patterns related to this CWE.