MAL-2024-10309

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rentez-docs/MAL-2024-10309.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-10309
Published
2024-11-02T17:30:42Z
Modified
2024-11-02T18:06:27Z
Summary
Malicious code in rentez-docs (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (d38f5182bdac1a9d1dc8a7edd04bf4887e39416ac443361fbe2b4de7341c0360)

The OpenSSF Package Analysis project identified 'rentez-docs' @ 6.6.6 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "d38f5182bdac1a9d1dc8a7edd04bf4887e39416ac443361fbe2b4de7341c0360",
            "import_time": "2024-11-02T17:34:13.514714352Z",
            "versions": [
                "6.6.6"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-11-02T17:30:42Z"
        },
        {
            "sha256": "4706c1b96ab737ef821954b3ca9e3a784fb14c28a6531f77d889b83f184fb9e4",
            "import_time": "2024-11-02T18:05:58.33778979Z",
            "versions": [
                "6.6.7"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-11-02T17:42:45Z"
        },
        {
            "sha256": "4d35fa2c014d1e507380be6dba88c396c5da1b4ecb471cdd839106c5c787c509",
            "import_time": "2024-11-02T18:05:58.459465682Z",
            "versions": [
                "8.0.0"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-11-02T17:46:26Z"
        },
        {
            "sha256": "891de119b42153e2c7cbf7afb7aa8d662085ffa555dbf9160377755d03fff716",
            "import_time": "2024-11-02T18:05:58.535901885Z",
            "versions": [
                "9.0.0"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-11-02T17:48:53Z"
        },
        {
            "sha256": "98df5e041c9957304b5cdc6d55aa05b2cbce2d9bc77ab66e47926c83f33b08e2",
            "import_time": "2024-11-02T18:05:58.406433106Z",
            "versions": [
                "7.0.0"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-11-02T17:44:15Z"
        }
    ]
}
References
Credits

Affected packages

npm / rentez-docs

Package

Affected ranges

Affected versions

6.*

6.6.6
6.6.7

7.*

7.0.0

8.*

8.0.0

9.*

9.0.0