Show vulnerabilities with patch / with exploit

Backdoor in 1337qq-js NPM package



Published: 2020-01-13
Severity Critical
Patch available NO
Number of vulnerabilities 1
CVE ID N/A
CWE ID CWE-506
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
1337qq-js
Web applications / Modules and components for CMS

Vendor Andre Eleuterio

Security Advisory

This security advisory describes one critical risk vulnerability.

1) Embedded malicious code (backdoor)

Severity: Critical

CVSSv3: 9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-506 - Embedded Malicious Code

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the server.

The package exfiltrates sensitive information through install scripts on Linux/UNIX systems. The information exfiltrated includes:

  • Environment variables
  • Running processes
  • /etc/hosts
  • uname -a
  • npmrc file

Remove the package from your system and rotate any compromised credentials.

Mitigation

It is recommended to remove this software.

Vulnerable software versions

1337qq-js: 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.11

CPE External links

https://www.npmjs.com/advisories/1455

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



ImmuniWeb® AI Platform for Application Security Testing