VDB
GCVE-110-OSM-2026-5211
GCVE-110-OSM-2026-5211
Advisory PublishedCVSS 5.4/10
Bug bounty dependency confusion attempt. Package exfiltrates basic system information (hostname, IP, DNS) to security research infrastructure. Behaviors: data exfiltration, code execution.
Entrypoint: index.js (main: index.js)
Exfil: https://jiijii.firebaseio.com/.json (reconstructed, recovery: reconstructed in index — копия.js)
Payload: index.js
Secondary files: index — копия.js
Key findings:
- OAST/Interactsh Exfiltration in index — копия.js: "api.imgbb.com"
- Reconstructed Obfuscated URL in index — копия.js: "https://jiijii.firebaseio.com/.json"
- Webhook Data Exfiltration in index.js: "api.telegram.org/bot5034779343:AAGCLPIGDNdogZ_tBikLT9pY_DJzRx3uWMU/sendMessage"
- OAST/Interactsh Exfiltration in index.js: "api.imgbb.com"
- Reconstructed Obfuscated URL in index.js: "https://api.imgbb.com/1/upload?key=af7cad64d90d19e2a26889f92f6b3ed8"
IOCs:
- urls: https://jiijii.firebaseio.com/.json`, https://api.imgbb.com/1/upload?key=af7cad64d90d19e2a26889f92f6b3ed8`, https://res.cloudinary.com/o8/image/upload/h_1280/l_zz, https://res.cloudinary.com/o8/, https://api.imgbb.com/1/upload?key=33612f7751537f4f27c5253f56edbf16` (+4 more)
- domains: jiijii.firebaseio.com, api.imgbb.com, i.ibb.co, api.cloudinary.com, res.cloudinary.com (+2 more)
- telegramBots: 1998266306:AAFl_PSl2-caBsLDVag8kmKhU4p-YC-t9qI
- telegramApi: api.telegram.org/bot${TOKEN}/deleteMessage?chat_id=${re.chat}&message_id=${re.message_id}`), api.telegram.org/bot${T}/sendMessage?chat_id=${id}&text=${encodeURIComponent(z)}`, api.telegram.org/bot${TOKEN}/sendMessage?chat_id=465081843&photo=${B.photo}`), api.telegram.org/bot${TOKEN}/`, api.telegram.org/bot5034779343:AAGCLPIGDNdogZ_tBikLT9pY_DJzRx3uWMU/sendMessage?chat_id=${chat}&text=${encodeURIComponent(l)}`) (+2 more)
- bitcoinAddresses: 33612f7751537f4f27c5253f56edbf16
- payloadFileHash: 53f11316d12cd0015c4b4e87db38cabb726c63649e8fd569a10b91dcaef3d648
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | 66o | all (affected) | — |
Aliases
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.