<p>Avoid using <code>rate-map</code> version 1.0.3 altogether. Furthermore, upgrade <code>rate-map</code> to version 1.0.5 or higher.</p>

Malicious Package Affecting rate-map package, versions >=1.0.3 <1.0.5

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Availability High

Threat Intelligence

Exploit Maturity Mature

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-RATEMAP-451649
published 18 Jul 2019
disclosed 17 Jul 2019
credit Harry Garood

Report a new vulnerability Found a mistake?

Introduced: 17 Jul 2019

Malicious CWE-506 Open this link in a new tab

How to fix?

Avoid using rate-map version 1.0.3 altogether. Furthermore, upgrade rate-map to version 1.0.5 or higher.

Overview

rate-map is a package that maps a number in the range of 0-1 to a new value with a given range.

Affected versions of this package are Malicious. Version 1.0.3 of the package was found to contain malicious code. When executed, the malicious code breaks functionality of the purescript-installer package by rewriting code of the dl-tar dependency.

References

NPM Advisory