9.8

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-49c6-3wr4-8jr4

EPSS Score

CWE

CWE-506

Published

9/4/2020

Updated

1/9/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-49c6-3wr4-8jr4

GHSA-49c6-3wr4-8jr4: Malicious Package in malicious-npm-package

All versions of malicious-npm-package contain malicious code. The malware targets Windows systems. It runs a powershell command that downloads an executable file from a remote server and runs it.

Recommendation

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.

The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-49c6-3wr4-8jr4

EPSS Score

CWE

CWE-506

Published

9/4/2020

Updated

1/9/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
malicious-npm-package	npm	>= 0.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The advisory describes embedded malicious code (CWE-506) but provides no specific code examples, commit diffs, or function names. While the attack vector involves PowerShell command execution (likely via Node.js child_process methods or postinstall scripts), the lack of concrete implementation details in the provided information makes it impossible to identify specific functions/paths with high confidence. The 'Current Vulnerable Functions' array is explicitly empty in the provided data, and no source code references are available to analyze.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ll v*rsions o* `m*li*ious-npm-p**k***` *ont*in m*li*ious *o**. T** m*lw*r* t*r**ts Win*ows syst*ms. It runs * pow*rs**ll *omm*n* t**t *ownlo**s *n *x**ut**l* *il* *rom * r*mot* s*rv*r *n* runs it. ## R**omm*n**tion *ny *omput*r t**t **s t*is p**k

Reasoning

T** **visory **s*ri**s *m****** m*li*ious *o** (*W*-***) *ut provi**s no sp**i*i* *o** *x*mpl*s, *ommit *i**s, or `*un*tion n*m*s`. W*il* t** *tt**k v**tor involv*s Pow*rS**ll *omm*n* *x**ution (lik*ly vi* `No**.js` `**il*_pro**ss` m*t*o*s or postins

9.8

Basic Information

Concerned about an active attack path?

GHSA-49c6-3wr4-8jr4: Malicious Package in malicious-npm-package

Recommendation

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI