8.8

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-pjwm-rvh2-c87w

EPSS Score

CWE

CWE-829

Published

10/22/2021

Updated

7/28/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-pjwm-rvh2-c87w

GHSA-pjwm-rvh2-c87w:
Embedded malware in ua-parser-js

The npm package ua-parser-js had three versions published with malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. See this issue for details as they unfold.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-pjwm-rvh2-c87w

EPSS Score

CWE

CWE-829

Published

10/22/2021

Updated

7/28/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ua-parser-js	npm	= 0.7.29	0.7.30
ua-parser-js	npm	= 0.8.0	0.8.1
ua-parser-js	npm	= 1.0.0	1.0.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from malicious code embedded in specific compromised versions (0.7.29, 0.8.0, 1.0.0) of the package, but no specific vulnerable functions are explicitly identified in the provided data. The CWEs (829 and 912) indicate inclusion of untrusted/hidden functionality, but the advisory and linked resources do not disclose technical details about the malicious functions/paths. Without access to the actual malicious code changes (via commit diffs or patch details), we cannot confidently identify specific vulnerable functions. The compromise appears to involve unauthorized code injection at the package level rather than exploitation of pre-existing functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** npm p**k*** `u*-p*rs*r-js` *** t*r** v*rsions pu*lis*** wit* m*li*ious *o**. Us*rs o* *****t** v*rsions (*.*.**, *.*.*, *.*.*) s*oul* up*r*** *s soon *s possi*l* *n* ****k t**ir syst*ms *or suspi*ious **tivity. S** [t*is issu*](*ttps://*it*u*.*om

Reasoning

T** vuln*r**ility st*ms *rom m*li*ious *o** *m****** in sp**i*i* *ompromis** v*rsions (*.*.**, *.*.*, *.*.*) o* t** p**k***, *ut no sp**i*i* vuln*r**l* *un*tions *r* *xpli*itly i**nti*i** in t** provi*** **t*. T** *W*s (*** *n* ***) in*i**t* in*lusio

8.8

Basic Information

Concerned about an active attack path?

GHSA-pjwm-rvh2-c87w: Embedded malware in ua-parser-js

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

GHSA-pjwm-rvh2-c87w:
Embedded malware in ua-parser-js

Vulnerability Intelligence
Miggo AI