GHSA-m852-866j-69j8: 
JavaScript vulnerability analysis and mitigation

A critical security vulnerability was identified in eslint-config-airbnb-standard version 2.0.0, tracked as GHSA-m852-866j-69j8. The vulnerability was discovered and published to the GitHub Advisory Database on September 1, 2020, with the last update on January 9, 2023. The affected package is eslint-config-airbnb-standard version 2.0.0, with version 2.1.0 released as the patched version (GitHub Advisory).

The vulnerability received a Critical severity rating with a CVSS score of 9.8. The CVSS v3 base metrics indicate Network attack vector, Low attack complexity, No privileges required, No user interaction needed, Unchanged scope, and High impact on Confidentiality, Integrity, and Availability. The vulnerability is classified under CWE-506 (GitHub Advisory).

The malicious code bundled within the compromised package would access the user's .npmrc file and transmit its contents to a remote server, potentially exposing sensitive information including npm tokens and other configuration data (GitHub Advisory).

Users who have installed this package are strongly advised to revoke all their npm tokens and switch to a different version of the module. The vulnerability has been patched in version 2.1.0. Detailed instructions for token revocation can be found in the npm documentation (GitHub Advisory).