MAL-2024-10307

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@wf-wfria/pioneer-core/MAL-2024-10307.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-10307
Published
2024-11-02T00:03:53Z
Modified
2024-11-20T00:49:52Z
Summary
Malicious code in @wf-wfria/pioneer-core (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (b63b97806030c7c7d69b051321f440f1fb70bcfa7854e8992658bc8a4f8f7ac4)

The OpenSSF Package Analysis project identified '@wf-wfria/pioneer-core' @ 9.9.9 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "b63b97806030c7c7d69b051321f440f1fb70bcfa7854e8992658bc8a4f8f7ac4",
            "import_time": "2024-11-02T00:20:43.680784072Z",
            "versions": [
                "9.9.9"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-11-02T00:03:53Z"
        },
        {
            "sha256": "852d00acd6a9dc8ff90e8dca8e34b1dd865faafd345cf861f6935a3696fa1b74",
            "import_time": "2024-11-20T00:49:23.658760367Z",
            "versions": [
                "10.0.3"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-11-17T23:11:55Z"
        },
        {
            "sha256": "c1cbaccf9554ae934c5a4fcf2449979db327bfa1641960ae1daf24ab49496f12",
            "import_time": "2024-11-20T00:49:23.975767916Z",
            "versions": [
                "10.0.5"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-11-18T20:41:50Z"
        }
    ]
}
References
Credits

Affected packages

npm / @wf-wfria/pioneer-core

Package

Name
@wf-wfria/pioneer-core
View open source insights on deps.dev
Purl
pkg:npm/%40wf-wfria/pioneer-core

Affected ranges

Affected versions

9.*

9.9.9

10.*

10.0.3
10.0.5