
CVE-2017-16202: cofeescript is malware

CVSS Score: N/A

Basic Information

EPSS Score: 0.50328%
Published: 8/6/2018
Updated: 9/6/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: -

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
cofeescript  | npm       | = 1.0.1             |

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The advisory describes 'cofeescript' as embedded malware but provides no source code or specific function-level details. Malicious behavior (data exfiltration of SSH keys/bash history) likely occurs through package installation hooks (e.g., postinstall scripts) or hidden runtime components, but without access to the actual package code or commit diffs, we cannot identify specific functions with high confidence. The package has been unpublished, further limiting analysis. Standard npm malware patterns suggest potential exploitation via lifecycle scripts, but this remains speculative without concrete code evidence.

WAF Protection Rules

WAF Rule

The `cofeescript` package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. ## Recommendati
