Vulnerabilities > CVE-2019-19771 - Unspecified vulnerability in Lodahs Project Lodahs 1.0.0

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

lodahs-project

NVD

Published: 2019-12-12

Updated: 2024-11-21

Summary

The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.

Vulnerable Configurations

Part	Description	Count
Application	Lodahs_Project Lodahs Project Lodahs 1.0.0	1

References

https://www.npmjs.com/advisories/1417
https://www.npmjs.com/advisories/1417
https://www.npmjs.com/package/lodahs
https://www.npmjs.com/package/lodahs