VDB

GCVE-110-OSM-2026-5211

GCVE-110-OSM-2026-5211
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published June 2, 2026
Bug bounty dependency confusion attempt. Package exfiltrates basic system information (hostname, IP, DNS) to security research infrastructure. Behaviors: data exfiltration, code execution. Entrypoint: index.js (main: index.js) Exfil: https://jiijii.firebaseio.com/.json (reconstructed, recovery: reconstructed in index — копия.js) Payload: index.js Secondary files: index — копия.js Key findings: - OAST/Interactsh Exfiltration in index — копия.js: "api.imgbb.com" - Reconstructed Obfuscated URL in index — копия.js: "https://jiijii.firebaseio.com/.json" - Webhook Data Exfiltration in index.js: "api.telegram.org/bot5034779343:AAGCLPIGDNdogZ_tBikLT9pY_DJzRx3uWMU/sendMessage" - OAST/Interactsh Exfiltration in index.js: "api.imgbb.com" - Reconstructed Obfuscated URL in index.js: "https://api.imgbb.com/1/upload?key=af7cad64d90d19e2a26889f92f6b3ed8" IOCs: - urls: https://jiijii.firebaseio.com/.json`, https://api.imgbb.com/1/upload?key=af7cad64d90d19e2a26889f92f6b3ed8`, https://res.cloudinary.com/o8/image/upload/h_1280/l_zz, https://res.cloudinary.com/o8/, https://api.imgbb.com/1/upload?key=33612f7751537f4f27c5253f56edbf16` (+4 more) - domains: jiijii.firebaseio.com, api.imgbb.com, i.ibb.co, api.cloudinary.com, res.cloudinary.com (+2 more) - telegramBots: 1998266306:AAFl_PSl2-caBsLDVag8kmKhU4p-YC-t9qI - telegramApi: api.telegram.org/bot${TOKEN}/deleteMessage?chat_id=${re.chat}&message_id=${re.message_id}`), api.telegram.org/bot${T}/sendMessage?chat_id=${id}&text=${encodeURIComponent(z)}`, api.telegram.org/bot${TOKEN}/sendMessage?chat_id=465081843&photo=${B.photo}`), api.telegram.org/bot${TOKEN}/`, api.telegram.org/bot5034779343:AAGCLPIGDNdogZ_tBikLT9pY_DJzRx3uWMU/sendMessage?chat_id=${chat}&text=${encodeURIComponent(l)}`) (+2 more) - bitcoinAddresses: 33612f7751537f4f27c5253f56edbf16 - payloadFileHash: 53f11316d12cd0015c4b4e87db38cabb726c63649e8fd569a10b91dcaef3d648

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknown66oall (affected)

References

advisory
vendor

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›