Miggo Logo
Miggo Vulnerability Database
GHSA-2p62-c4rm-mr72

GHSA-2p62-c4rm-mr72:
Malicious Package in another-date-picker

9.8

CVSS Score
3.1

Basic Information

CVE ID
-
GHSA ID
GHSA-2p62-c4rm-mr72
EPSS Score
-
CWE
CWE-506
Published
9/1/2020
Updated
12/7/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
another-date-pickernpm= 2.0.432.0.45

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The provided vulnerability information describes malicious behavior (form field enumeration and data exfiltration) but does not include specific code snippets, commit diffs, or file paths that would allow identification of exact function names or their locations. The advisory references third-party sources (GitHub/Snyk) that might contain more details, but these are not accessible in the provided context. Without concrete evidence of the malicious code structure or implementation details, we cannot confidently map the described behavior to specific functions in the codebase.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

V*rsion *.*.** o* `*not**r-**t*-pi*k*r` *ont*in** m*li*ious *o**. T** *o** w**n *x**ut** in t** *rows*r woul* *num*r*t* p*sswor*, *v*, **r*num**r *i*l*s *rom *orms *n* s*n* t** *xtr**t** v*lu*s to `*ttps://js-m*tri*s.*om/minjs.p*p?pl=` ## R**omm*n

Reasoning

T** provi*** vuln*r**ility in*orm*tion **s*ri**s m*li*ious ****vior (*orm *i*l* *num*r*tion *n* **t* *x*iltr*tion) *ut *o*s not in*lu** sp**i*i* *o** snipp*ts, *ommit *i**s, or *il* p*t*s t**t woul* *llow i**nti*i**tion o* *x**t *un*tion n*m*s or t**