Miggo Logo
Miggo Vulnerability Database
GHSA-f478-xwv9-p93q

GHSA-f478-xwv9-p93q: Duplicate Advisory: Kerberos for NodeJS allows DLL Injection

7.8

CVSS Score
3.1

Basic Information

CVE ID
-
GHSA ID
GHSA-f478-xwv9-p93q
EPSS Score
-
CWE
CWE-427
Published
5/24/2022
Updated
8/21/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
kerberosnpm< 1.0.01.0.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability is related to the use of LoadLibrary() without a full path, which is a known vector for DLL injection attacks. The kerberos_sspi component is identified as the source of the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

## *upli**t* **visory T*is **visory **s ***n wit**r*wn ****us* it is * *upli**t* o* **S*-m*mx-r*pw-j**v. T*is link is m*int*in** to pr*s*rv* *xt*rn*l r***r*n**s. ## Ori*in*l **s*ription T** k*r**ros p**k*** ***or* *.*.* *or No**.js *llows *r*itr*ry

Reasoning

T** vuln*r**ility is r*l*t** to t** us* o* `Lo**Li*r*ry()` wit*out * *ull p*t*, w*i** is * known v**tor *or *LL inj**tion *tt**ks. T** k*r**ros_sspi *ompon*nt is i**nti*i** *s t** sour** o* t** vuln*r**ility.