VDB

GCVE-110-OSM-2026-6002

GCVE-110-OSM-2026-6002
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published June 16, 2026
Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code, install-time execution. ENTRY setup.cjs (install-hook: node setup.cjs --no-warnings) - Install Hook Executes Local JS File in package.json DESTINATION - custom-c2: 23.254.164.123 (primary, plaintext) in setup.cjs EXFIL - System Information Exfiltration in setup.cjs: "__dirname;e['writeFileSync'](c[_0x5f54e0(0xcd)](i[_0x5f54e0(0xb4)](),'.pkg_histo..." OBFUSCATION - Obfuscation: augmented proxied array function replacements in setup.cjs - Unicode Escape Obfuscation in esm/locale/fa.js: "\u06CC\u06A9\u200C\u0634\u0646\u0628\u0647" - Unicode Escape Obfuscation in esm/locale/sr-cyrl.js: "\u0433\u043E\u0434\u0438\u043D\u0430" - Deobfuscation Failed in setup.cjs - Obfuscation patterns: hexVariables in setup.cjs ADDITIONAL FINDINGS - Dynamic Code Execution in esm/plugin/customParseFormat/index.js: "exec(part)" - Publisher Has Other Malicious Packages PAYLOAD FILES setup.cjs (+ esm/plugin/customParseFormat/index.js, plugin/customParseFormat.js) INDICATORS (IOCs) - urls: https://day.js.org/, https://bundlephobia.com/package/dayjs, https://saucelabs.com/u/dayjs, https://day.js.org/docs/en/installation/installation, https://day.js.org/docs/en/parse/parse (+40 more) - domains: day.js.org, bundlephobia.com, saucelabs.com, www.netrouting.com, netrouting.com (+6 more) - payloadFileHash: 944dc7fd9de2f2efcff6458501084324769f736053129c71db3bf8294478d5f5

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowncaspian-day-jsall (affected)

References

advisory
vendor

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›