Talk to our security experts and see Miggo in action.
The vulnerability is related to the use of LoadLibrary() without a full path, which is a known vector for DLL injection attacks. The kerberos_sspi component is identified as the source of the vulnerability.
LoadLibrary()
This advisory has been withdrawn because it is a duplicate of GHSA-m2mx-rfpw-jghv. This link is maintained to preserve external references.
The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search.
Ongoing coverage of React2Shell
Miggo AI