Trusted Design

• 重大度: HIGH
• 公開日: 2025-07-19
• 更新日: 2026-02-26

概要

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

このCVEに関連するMITRE ATT&CKテクニック

• T1492 - Stored Data Manipulation
• T1583.002 - DNS Server
• T1192 - Spearphishing Link
• T1121 - Regsvcs/Regasm
• T1213.006 - Databases
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1558 - Steal or Forge Kerberos Tickets
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1525 - Implant Internal Image
• T1589 - Gather Victim Identity Information
• T1181 - Extra Window Memory Injection
• T1145 - Private Keys
• T1681 - Search Threat Vendor Data
• T1179 - Hooking
• T1042 - Change Default File Association
• T1546.008 - Accessibility Features
• T1552.001 - Credentials In Files
• T1608 - Stage Capabilities
• T1608.005 - Link Target
• T1204 - User Execution
• T1606 - Forge Web Credentials
• T1679 - Selective Exclusion
• T1219.003 - Remote Access Hardware
• T1584.006 - Web Services
• T1110.004 - Credential Stuffing
• T1595.003 - Wordlist Scanning
• T1137.004 - Outlook Home Page
• T1213.003 - Code Repositories
• T1223 - Compiled HTML File
• T1159 - Launch Agent
• T1538 - Cloud Service Dashboard
• T1160 - Launch Daemon
• T1653 - Power Settings
• T1591.001 - Determine Physical Locations
• T1001.002 - Steganography
• T1588.005 - Exploits
• T1127 - Trusted Developer Utilities Proxy Execution

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

---

← CVE一覧に戻る