
CVE-2016-1000224: Insecure Defaults Leads to Potential MITM in ezseed-transmission

CVSS Score: 4.2 (CVSS 3.1)

Basic Information

EPSS Score: -
Published: 9/1/2020
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| ezseed-transmission | npm | >= 0.0.10, <= 0.0.14 | 0.0.15 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from the `install` script in `package.json`, which triggered a download of the `jq` binary over plain HTTP via `jq.js` (since removed). The patch removes this script entirely, indicating that it was the vulnerable entry point. At install time (`npm install`), the script would execute as part of npm's lifecycle handling. The name `install` follows npm's standard lifecycle script naming convention, which is the name profilers tracking package installation would show.
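A check for this pattern in installed dependencies, as an added example that is not code from the advisory or from ezseed-transmission: it reads a package's `package.json`, takes the hooks npm runs automatically at install time (`preinstall` and `postinstall` as well as `install`), and reports any plain `http://` URL in the hook command or in a local `.js` file the command names. The sample package, the `node jq.js` command and the `example.invalid` URL are constructed placeholders; only the names `install` and `jq.js` come from the page.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hooks npm runs automatically during `npm install`.
const HOOKS = ['preinstall', 'install', 'postinstall'];
const HTTP_URL = /\bhttp:\/\/[^\s'"`)]+/g;

// Report every plain-HTTP URL reachable from an install-time hook: in the
// hook command itself or in a local .js file that the command names.
function auditPackage(pkgDir) {
  const root = path.resolve(pkgDir);
  const manifest = JSON.parse(fs.readFileSync(path.join(root, 'package.json'), 'utf8'));
  const findings = [];
  for (const hook of HOOKS) {
    const cmd = (manifest.scripts || {})[hook];
    if (!cmd) continue;
    const sources = [{ where: `scripts.${hook}`, text: cmd }];
    for (const token of cmd.split(/\s+/)) {
      if (!/\.[cm]?js$/.test(token)) continue;
      const file = path.resolve(root, token);
      // Only read files that exist inside the package directory.
      if (file.startsWith(root + path.sep) && fs.existsSync(file)) {
        sources.push({ where: token, text: fs.readFileSync(file, 'utf8') });
      }
    }
    for (const { where, text } of sources) {
      for (const url of text.match(HTTP_URL) || []) {
        findings.push({ name: manifest.name, hook, where, url });
      }
    }
  }
  return findings;
}

// Constructed sample package. The command and URL are placeholders, not the
// real package contents; only the names `install` and `jq.js` come from the page.
function buildSample(installCmd) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'lifecycle-audit-'));
  const scripts = installCmd ? { install: installCmd } : {};
  fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify({ name: 'sample-pkg', scripts }));
  fs.writeFileSync(path.join(dir, 'jq.js'), "require('http').get('http://downloads.example.invalid/jq');\n");
  return dir;
}

console.log(auditPackage(buildSample('node jq.js'))); // hook present
console.log(auditPackage(buildSample(null)));         // hook removed, as in the patch
```

Call `auditPackage` on each directory under `node_modules` to cover a whole project; it does not follow `require` chains beyond the file named in the hook.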


WAF Protection Rules

WAF Rule

Affected versions of `ezseed-transmission` download and run a script over an HTTP connection. An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely
