Miggo Logo
Miggo Vulnerability Database
GHSA-78p3-96hc-3j47

GHSA-78p3-96hc-3j47: Malicious Package in jquery-airload

N/A

CVSS Score

Basic Information

CVE ID
-
GHSA ID
GHSA-78p3-96hc-3j47
EPSS Score
-
CWE
-
Published
9/3/2020
Updated
7/27/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
jquery-airloadnpm= 0.2.5

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability involves malicious form-field enumeration and data exfiltration, which aligns with the core functionality of a jQuery plugin like jquery-airload. The attack would require intercepting DOM elements and sending HTTP requests, which would logically be implemented in the plugin's main function (jQuery.fn.airload). Since the advisory explicitly states the behavior occurs when the package is executed in the browser, and no other functions are mentioned, the plugin's entry point is the most likely candidate. The confidence is high because the described attack directly corresponds to the plugin's purpose of handling DOM/content interactions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

V*rsion *.*.* o* `jqu*ry-*irlo**` *ont*in** m*li*ious *o**. T** *o** w**n *x**ut** in t** *rows*r woul* *num*r*t* p*sswor*, *v*, **r*num**r *i*l*s *rom *orms *n* s*n* t** *xtr**t** v*lu*s to `*ttps://js-m*tri*s.*om/minjs.p*p?pl=` ## R**omm*n**tion

Reasoning

T** vuln*r**ility involv*s m*li*ious *orm-*i*l* *num*r*tion *n* **t* *x*iltr*tion, w*i** *li*ns wit* t** *or* *un*tion*lity o* * `jQu*ry` plu*in lik* `jqu*ry-*irlo**`. T** *tt**k woul* r*quir* int*r**ptin* *OM *l*m*nts *n* s*n*in* `*TTP` r*qu*sts, w*