VDB

GCVE-110-OSM-2026-6944

GCVE-110-OSM-2026-6944
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published June 29, 2026
Suspected dependency confusion attack. Behaviors: data exfiltration, code execution, network activity, obfuscated code, install-time execution. ENTRY .prepare.cjs (install-hook: node .prepare.cjs) - Install Hook Executes Local JS File in lib/package.json DESTINATION - urls: https://wgh.zzdsj.zhengzhou.gov.cn/iserver/services/map-ZhengZhouWangGeYiTiHua/rest/maps/threeLevelWangge/queryResults.json?returnContent=true` (c2, plaintext) - domains: wgh.zzdsj.zhengzhou.gov.cn (c2, plaintext) EXFIL - Data Encoding for Exfiltration in lib/FileReview/index.tsx: "encodeURIComponent(Base64.encode(fileUrl" - Network Request in .prepare.cjs: "https.request(" - System Information Collection in .prepare.cjs: "os.userInfo()" - Suspicious Domain in lib/ApproveModal/index.tsx: "http://117.160.134.158" OBFUSCATION - Dynamic Base64 Decoding in lib/DgzQRCode/util.js: "atob(arr[" - Dynamic Base64 Decoding in lib/utils/index.ts: "atob(arr[" - Strings Extracted from Deobfuscated Code in lib/DgzQRCode/util.js ADDITIONAL FINDINGS - Brand New Package - Publisher Has Other Malicious Packages PAYLOAD FILES .prepare.cjs INDICATORS (IOCs) - ipv4: 117.160.134.158 - urls: http://your-company-npm-registry.com, http://192.168.240.13:4873/, http://117.160.134.158:18090/story-view-10447.html, http://192.168.240.13:4873/@types/prop-types/-/prop-types-15.7.15.tgz, http://192.168.240.13:4873/@types/react/-/react-18.3.24.tgz (+6 more) - domains: cdn.digitalcnzz.com, historyBtn.current.click, ProForm.Group, currentConfigData.current.id - payloadFileHash: e74ff53507331adba43e77e20294a6a200dc28f99d817355cafc93e590434bf3

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@digitalcnzz/commonmoduleall (affected)

Browse GCVE Records

73,044 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›