Main Vulnerability Database Vulnerabilities #VU57962

#VU57962 Embedded malicious code (backdoor) in coa

Published: November 4, 2021

Vulnerability identifier: #VU57962

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: N/A

CWE-ID: CWE-506

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
coa

Software vendor:
Sergey Berezhnoy

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.

The npm package has been compromised and includes cryptomining and password stealing malware.

Remediation

The latest version of the software is 2.0.2, which does not have malicious code.

External links

https://ezplatform.com/security-advisories/ibexa-sa-2021-009-malicious-code-in-npm-veged-coa
https://github.com/veged/coa/issues/99