Vulnerabilities
Vulnerable Software
The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-11-23
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-07


Contact Us

Shodan ® - All rights reserved