{"id":14332,"date":"2018-11-27T11:07:16","date_gmt":"2018-11-27T10:07:16","guid":{"rendered":"\/?p=14332"},"modified":"2019-03-11T11:16:41","modified_gmt":"2019-03-11T10:16:41","slug":"malicious-code-in-npm-package-event-stream-3-3-6","status":"publish","type":"post","link":"\/de\/security-alert\/malicious-code-in-npm-package-event-stream-3-3-6\/","title":{"rendered":"Malicious code in npm package event-stream 3.3.6"},"content":{"rendered":"<p>Original date: 27.11.2018<br \/>\nOverall risk classification: <span class=\"badge badge-danger\">HIGH<\/span><\/p>\n<h3>Overview<\/h3>\n<p>The npm package event-stream (in version 3.3.6) depends on a malicious package named flatmap-stream. [1-2]<br \/>\nThe event-stream package is very popular, and the malicious child package has been downloaded 8 million times since it was added as a dependency of event-stream [2].<br \/>\nAccording to Andreas Brieg, A12 BAP is using this package in the affected version. A12-Ticket: A12-10520<br \/>\nIf you are using npm, it is highly recommended to review whether you employ the malicious package and, if so, to take appropriate countermeasures.<\/p>\n<h3>Systems Affected<\/h3>\n<p>npm package event-stream version 3.3.6<br \/>\nany version of npm package flatmap-stream<br \/>\nCheck for flatmap-stream@0.1.1 in your dependencies:<\/p>\n<pre>\r\n$ npm ls event-stream flatmap-stream\r\n...\r\nflatmap-stream@0.1.1\r\n...<\/pre>\n<h3>Threat<\/h3>\n<p><strong>Risk<\/strong>: <span class=\"badge badge-danger\">HIGH<\/span><br \/>\nIf your project uses this malicious version, future builds will fail (the malicious version has been removed). 
Builds created earlier with this malicious version will probably contain the malicious code and may execute it.<br \/>\nThe malicious code apparently focuses on stealing bitcoins from the application [1].<br \/>\n<strong>Exploitability<\/strong>: <span class=\"badge badge-warning\">MEDIUM<\/span><br \/>\nThe malicious code is probably included in, and executed by, your application if you built it with the affected version.<br \/>\nIf your application handles bitcoins or other cryptocurrencies, its activity over the last 3 months should be inspected for suspicious behaviour.<br \/>\n<strong>Priority<\/strong> (for affected, internet-exposed systems): <span class=\"badge badge-warning\">MEDIUM<\/span><br \/>\n<strong>Priority<\/strong> (for internal systems): <span class=\"badge badge-warning\">MEDIUM<\/span><\/p>\n<h3>Mitigation<\/h3>\n<p>Eliminate the malicious package from your application by reverting to version 3.3.4 of event-stream [1].<br \/>\nDecide whether further actions should be taken.<\/p>\n<h3>Author<\/h3>\n<p>Martin Sch\u00f6ne<\/p>\n<h3>References<\/h3>\n<p>[1] https:\/\/github.com\/dominictarr\/event-stream\/issues\/116<br \/>\n[2] https:\/\/snyk.io\/blog\/malicious-code-found-in-npm-package-event-stream<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The npm package event-stream (in version 3.3.6) depends on a malicious package named flatmap-stream.<\/p>\n","protected":false},"author":29,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[64],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Malicious code in npm package event-stream 3.3.6 - sectest.team<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"\/de\/security-alert\/malicious-code-in-npm-package-event-stream-3-3-6\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Malicious code in npm package event-stream 3.3.6\" \/>\n<meta property=\"og:description\" content=\"The npm package event-stream (in version 3.3.6) contains a dependency to a malicious package named flatmap-stream.\" \/>\n<meta property=\"og:url\" content=\"\/de\/security-alert\/malicious-code-in-npm-package-event-stream-3-3-6\/\" \/>\n<meta property=\"og:site_name\" content=\"sectest.team\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-27T10:07:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-03-11T10:16:41+00:00\" \/>\n<meta name=\"author\" content=\"Tuyen Nguyen\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tuyen Nguyen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"1\u00a0Minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"\/de\/security-alert\/malicious-code-in-npm-package-event-stream-3-3-6\/\",\"url\":\"https:\/\/sectest.hostpress.me\/de\/security-alert\/malicious-code-in-npm-package-event-stream-3-3-6\/\",\"name\":\"[:en]Malicious code in npm package event-stream 3.3.6[:] - 
sectest.team\",\"isPartOf\":{\"@id\":\"https:\/\/sectest.hostpress.me\/#website\"},\"datePublished\":\"2018-11-27T10:07:16+00:00\",\"dateModified\":\"2019-03-11T10:16:41+00:00\",\"author\":{\"@id\":\"https:\/\/sectest.hostpress.me\/#\/schema\/person\/ac34e9ab3a597646eb101a26405d2c28\"},\"breadcrumb\":{\"@id\":\"https:\/\/sectest.hostpress.me\/de\/security-alert\/malicious-code-in-npm-package-event-stream-3-3-6\/#breadcrumb\"},\"inLanguage\":\"de-DE\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sectest.hostpress.me\/de\/security-alert\/malicious-code-in-npm-package-event-stream-3-3-6\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sectest.hostpress.me\/de\/security-alert\/malicious-code-in-npm-package-event-stream-3-3-6\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"\/de\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malicious code in npm package event-stream 3.3.6\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sectest.hostpress.me\/#website\",\"url\":\"https:\/\/sectest.hostpress.me\/\",\"name\":\"sectest.team\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sectest.hostpress.me\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"de-DE\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/sectest.hostpress.me\/#\/schema\/person\/ac34e9ab3a597646eb101a26405d2c28\",\"name\":\"Tuyen Nguyen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de-DE\",\"@id\":\"https:\/\/sectest.hostpress.me\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ebe0b5655ad033f17aac019256490ba4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ebe0b5655ad033f17aac019256490ba4?s=96&d=mm&r=g\",\"caption\":\"Tuyen Nguyen\"},\"url\":\"\/de\/security-alert\/author\/tutnguyen\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}