
GHSA-73hr-6785-f5p8:
Malicious Package in donotinstallthis

CVSS Score (v3.1): 9.8

Basic Information

CVE ID: -
EPSS Score: -
Published: 9/2/2020
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: donotinstallthis
Ecosystem: npm
Vulnerable Versions: >= 0
First Patched Version: -

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from malicious code in the package's install script, which npm executes automatically during installation. However, the available information does not identify any particular functions or file paths containing the malicious code. npm install scripts are typically defined in the 'scripts' field of package.json (e.g., preinstall/postinstall), but without access to the actual package.json or the script implementation, specific vulnerable functions cannot be identified with high confidence. The advisory only confirms the presence of malicious behavior in the installation process, not specific code functions.
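Because the malicious behavior lives in an install-time lifecycle hook rather than in the package's exported code, the practical check is to inspect the 'scripts' field of a package's package.json before it is installed. The following Node.js script is an added example and is not part of the advisory or of the donotinstallthis package: it parses a package.json, reports the hooks npm runs automatically when the package is installed as a dependency (preinstall, install, postinstall), and flags crude indicators of network access in those commands. The sample manifest and the example.invalid URL are constructed for illustration; the real package's manifest is not shown on this page.

```javascript
// Added example: audit a package.json for install-time lifecycle scripts.
// Not the advisory's or the package's own code; the sample manifest below is constructed.

// Hooks npm runs automatically for a dependency fetched from the registry.
// ('prepare' also runs, but only for the root project and git dependencies.)
const INSTALL_LIFECYCLE = ['preinstall', 'install', 'postinstall'];

// Crude substrings suggesting a hook reaches out to the network; a hit is a
// reason to read the script, not proof of malice (legitimate native builds
// sometimes download prebuilt binaries).
const NETWORK_INDICATORS = ['curl', 'wget', 'http://', 'https://', 'fetch(', 'net.connect'];

// Returns { name, version, findings } where each finding describes one
// install-time hook and any network indicators found in its command line.
function auditInstallScripts(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const scripts = pkg.scripts || {};
  const findings = [];
  for (const hook of INSTALL_LIFECYCLE) {
    if (typeof scripts[hook] === 'string') {
      const command = scripts[hook];
      const networkIndicators = NETWORK_INDICATORS.filter((ind) => command.includes(ind));
      findings.push({ hook, command, networkIndicators });
    }
  }
  return { name: pkg.name, version: pkg.version, findings };
}

// Constructed sample manifest (hypothetical package name and URL) with a
// postinstall hook that phones home, mirroring the install-time beacon
// described in the advisory.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'example-package',
  version: '1.0.0',
  scripts: {
    postinstall: 'node -e "require(\'https\').get(\'https://example.invalid/count\')"',
    test: 'node test.js',
  },
});

// Stand-alone usage: print the audit report for the sample manifest.
const report = auditInstallScripts(SAMPLE_PACKAGE_JSON);
for (const f of report.findings) {
  console.log(`${report.name}@${report.version}: ${f.hook} -> ${f.command}`);
  if (f.networkIndicators.length > 0) {
    console.log(`  network indicators: ${f.networkIndicators.join(', ')}`);
  }
}
if (report.findings.length === 0) {
  console.log(`${report.name}@${report.version}: no install-time scripts`);
}
```

Run it against a downloaded tarball's package.json (for example after `npm pack <name>`) before adding the dependency. As a blanket mitigation, `npm install --ignore-scripts` (or the `ignore-scripts` npm config setting) prevents these hooks from executing at all, at the cost of breaking packages that legitimately need an install step.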


WAF Protection Rules

WAF Rule

The package `donotinstallthis` contained malicious code. The package contained a script that was run as part of the install script. The script contacted a remote service tracking how many installations were done. There is no further compromise.
