MAL-2023-1144

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/confusedatma/MAL-2023-1144.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2023-1144
Published
2023-05-05T04:16:38Z
Modified
2024-06-28T02:53:15Z
Summary
Malicious code in confusedatma (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (5708cd21986870186d2bf74eddcd5583472dd093668db44c4be3d889ce1417df)

The OpenSSF Package Analysis project identified 'confusedatma' @ 9.9.9 (npm) as malicious.

It is considered malicious because: - The package communicates with a domain associated with malicious activity.

Database specific 
{
    "malicious-packages-origins": [
        {
            "versions": [
                "9.9.9"
            ],
            "import_time": "2023-08-10T06:15:46.795432541Z",
            "modified_time": "2023-05-10T03:13:16.931824891Z",
            "source": "ossf-package-analysis",
            "sha256": "5708cd21986870186d2bf74eddcd5583472dd093668db44c4be3d889ce1417df"
        },
        {
            "versions": [
                "4.0.0"
            ],
            "import_time": "2023-08-10T06:15:40.975748197Z",
            "modified_time": "2023-05-05T04:16:38.850423058Z",
            "source": "ossf-package-analysis",
            "sha256": "605b64358ee64e963995267f1ef5e3a9b6e7346fb86d32848f94f22f5085122e"
        },
        {
            "sha256": "57a82243e7a8aee9237280de263d80d7a052028baef6e6d53dbe54b51abd220b",
            "versions": [
                "4.0.0",
                "6.0.0"
            ],
            "import_time": "2024-06-28T02:42:28.715167431Z",
            "modified_time": "2024-06-25T12:34:18Z",
            "id": "RLMA-2024-00630",
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

npm / confusedatma

Package

Name
confusedatma
View open source insights on deps.dev
Purl
pkg:npm/confusedatma

Affected ranges

Affected versions

4.*

4.0.0

6.*

6.0.0

9.*

9.9.9