
GHSA-5327-gfq5-8f4m: Malicious Package in buffer-xmr

CVSS Score: 9.8 (CVSS 3.1)

Basic Information

CVE ID: -
EPSS Score: -
Published: 9/3/2020
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
buffer-xmr   | npm       | >= 0.0.0            | -

Vulnerability Intelligence (Miggo AI)

Root Cause Analysis

The advisory explicitly states that the package contained malicious code targeting Ethereum transactions, but the disclosure provides no source code, commit diffs, or specific function names. Without access to the actual codebase or implementation details of buffer-xmr@2.0.2, it is not possible to identify specific vulnerable functions with high confidence. The malicious behavior (unauthorized crypto transactions) could be implemented in several ways (e.g., hidden in installation scripts, obfuscated code, or dependency chains) that are not visible from the provided metadata.

WAF Protection Rules

WAF Rule

Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.

Recommendation

Remove the package from your environment. Ensure no Ethereum funds were co
