CVE-2019-19771

Published
View on NVD ↗
CVSS v3
8.8
HIGH
CVSS v2
9.3
HIGH
Affected
1
PROJECT

Description

The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.

lodahs
lodahs
security holding package
NPMNPM