| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| duckdb | npm | = 1.3.3 | 1.3.4 |
| @duckdb/node-api | npm | = 1.3.3 | 1.3.4-alpha.27 |
| @duckdb/node-bindings | npm | = 1.3.3 | 1.3.4-alpha.27 |
| @duckdb/duckdb-wasm | npm | = 1.29.2 | 1.29.3 |
The vulnerability is the result of a supply chain attack in which malicious code was injected into several duckdb npm packages. Analysis of the deobfuscated malware shows that it is designed to steal cryptocurrency by intercepting and manipulating transactions.

The functions identified here are not part of the legitimate duckdb-node source code; they are the core components of the malicious script. They are present in the runtime environment of any application that has installed and is using the compromised package versions, and they execute when a user of an affected application attempts a cryptocurrency transaction, so they would appear in a runtime profile or stack trace.

The primary malicious functions monkey-patch standard web APIs such as `fetch` and `XMLHttpRequest` to intercept and alter data, and they also hook the `window.ethereum` object to manipulate wallet transactions directly before they are signed. The `_0x20669a` function is central to the malware's operation: it contains the logic for replacing legitimate cryptocurrency addresses with attacker-controlled ones.
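As an added example (not code from the advisory or from the duckdb project), the following defender-side probe checks the APIs the malicious script hooks for exactly this kind of monkey-patching: it records a baseline of `fetch`, `XMLHttpRequest.prototype.open`/`send` and `ethereum.request`, then reports any of them whose function identity changed or which no longer reports `[native code]`. The global object is passed in as `env` (an assumption made so it runs offline against a constructed environment; in a browser it would be `window`).

```javascript
// Added example, not code from the advisory or the duckdb project. `env` is the
// global object to inspect (window in a browser); it is a parameter here so the
// probe can run offline against a constructed environment. Caveat: a script that
// also patches Function.prototype.toString can hide from the native-code check.

const WATCHED = [
  { path: ['fetch'], native: true },
  { path: ['XMLHttpRequest', 'prototype', 'open'], native: true },
  { path: ['XMLHttpRequest', 'prototype', 'send'], native: true },
  // Wallet providers are injected by extensions as plain JS: only identity is checked.
  { path: ['ethereum', 'request'], native: false },
];

function resolvePath(env, path) {
  return path.reduce((obj, key) => (obj == null ? undefined : obj[key]), env);
}

// Browser built-ins stringify as "function fetch() { [native code] }"; a JS
// wrapper installed by a monkey-patch shows its own source instead.
function isNativeFunction(fn) {
  if (typeof fn !== 'function') return false;
  return /\{\s*\[native code\]\s*\}\s*$/.test(Function.prototype.toString.call(fn));
}

// Capture the baseline in the first script that runs, before any bundled
// third-party code (such as a compromised dependency) has executed.
function snapshot(env) {
  const baseline = new Map();
  for (const { path } of WATCHED) baseline.set(path.join('.'), resolvePath(env, path));
  return baseline;
}

// Re-run later, e.g. right before a transaction is submitted. Returns one finding
// per watched API whose identity changed or which lost its native implementation.
function checkIntegrity(env, baseline) {
  const findings = [];
  for (const { path, native } of WATCHED) {
    const name = path.join('.');
    const current = resolvePath(env, path);
    if (current === undefined) continue; // API absent, e.g. no wallet injected
    if (baseline.get(name) !== current) {
      findings.push({ api: name, reason: 'identity changed since baseline' });
    } else if (native && !isNativeFunction(current)) {
      findings.push({ api: name, reason: 'not native code' });
    }
  }
  return findings;
}
```

When the compromised package ships inside the application's own bundle, the baseline may already be taken after the patching has happened, so the identity signal is silent; the native-code signal still fires for the browser built-ins, which is why both are combined.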