GHSA-95cg-3r4g-7w6j: Malicious Package in js-rha3

CVSS Score (3.1): 9.8

Basic Information

CVE ID: -
EPSS Score: -
Published: 9/3/2020
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: js-rha3
Ecosystem: npm
Vulnerable Versions: >= 0.0.0
First Patched Version: -

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The advisory explicitly states the package contains embedded malicious code targeting Ethereum transactions, but no specific functions or code snippets are disclosed in the provided information. Without access to the actual malicious code implementation (source code/diffs/function names), we cannot identify specific vulnerable functions with high confidence. The vulnerability manifests at the package level rather than through identifiable individual functions based on the available data.

WAF Protection Rules

WAF Rule

Version *.*.* contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.

Recommendation

Remove the package from your environment. Ensure no Ethereum funds were *o
