VDB

GCVE-110-OSM-2026-3725

GCVE-110-OSM-2026-3725
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published May 8, 2026
[osmalyze-auto] Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code. [osmalyze-auto] Entrypoint: index.js (main: index.js) Payload: core.js Key findings: - Download Execute Delete Pattern in core.js: "writeFileSync(tp, ct); arr = _dekrypt(ASDFGs[7], RandN); arr = ar..." - Shell Command Execution in core.js: "execSync(" - Data Encoding for Exfiltration in core.js: "encodeURIComponent(utf8Str" - XOR-Encoded String Arrays in crypto-js.js: "var PC1 = [ 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26,..." - Data Encoding for Exfiltration in crypto-js.js: "encodeURIComponent(utf8Str" IOCs: - domains: www.openssl.org, crypto-js.googlecode.com - sha256Hashes: 2f77668a9dfbf8d5848b9eeb4a7145ca94c6ed9236e4a773f6dcafa5132b2f91 - payloadFileHash: 24604384b0e748ada07923630b3d037489e696284a98c4409fb9b6763565571f

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowntypo-crypto4.3.0 (affected)

References

advisory
vendor

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›