VDB
GCVE-110-OSM-2026-5217
GCVE-110-OSM-2026-5217
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code.
Entrypoint: exchange/gekkoBroker.js (main: gekkoBroker.js)
Payload: web/vue/dist/chunk-vendors.b9a11975.js
Secondary files: web/vue/dist/vendor/moment.js, web/vue/public/vendor/moment.js
Key findings:
- Corporate Environment Targeting in core/gekkoStream.js: "tMode: true});
this.producers = this.plugins
.filter"
- Corporate Environment Targeting in core/markets/backtest.js: "tMode: true});
log.write('');
log.info('\tWARNING: BACKTESTING FEATURE NEED..."
- Corporate Environment Targeting in core/markets/leech.js: "tMode: true});
this.reader = new Reader();
this.latest"
- Corporate Environment Targeting in importers/exchanges/gdax.js: "tMoment = moment.unix(latest"
- Corporate Environment Targeting in web/vue/dist/vendor/moment.js: "tMonthsParse=[]),d=0;d<12;d++){
// test"
IOCs:
- ipv4: 19.1.3.1, 21.2.5.3, 19.1.2.14, 15.2.3.14, 19.1.3.6 (+29 more)
- urls: https://gekko.wizb.it/docs/introduction/getting-help.html, https://gekko.wizb.it/docs/extending/add_an_exchange.html, https://gekko.wizb.it/docs/internals/plugins.html, https://gekko.wizb.it/docs/strategies/creating_a_strategy.html, https://gekko.wizb.it/docs/internals/gekko_ui.html (+45 more)
- domains: gekko.wizb.it, mvr.me, ci.appveyor.com, mikevanrossum.nl, forum.gekko.wizb.it (+34 more)
- emails: gekko@mvr.me, mike@mvr.me, jon_snow@westeros.org, me@mydomain.com, me@somedomain.com (+1 more)
- bitcoinAddresses: 13r1jyivitShUiv9FJvjLH7Nh1ZZptumwW, 3wcoTjQqgHzXM6xa9yQR5YHRF3s
- ethereumAddresses: 0x46e9249ADc30F5bfc6632e1d0b4286496d071Be7
- payloadFileHash: 72f47329931ae50403f54efe5b7e52b61ed4abab8eeb67e8080ccf3988bb0792
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | 0xegg2024 | 1.0.21 (affected) | — |
Aliases
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.