Malicious Package in mogodb-core
Critical severity
GitHub Reviewed
Published
Sep 3, 2020
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Description
Reviewed
Aug 31, 2020
Published to the GitHub Advisory Database
Sep 3, 2020
Last updated
Jan 9, 2023
This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server.
Recommendation
Remove the package from your environment. There are no indications of further compromise.
References