MAL-2024-10310

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@captivateiq/events/MAL-2024-10310.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-10310
Published
2024-11-02T20:19:14Z
Modified
2024-11-02T23:35:12Z
Summary
Malicious code in @captivateiq/events (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (8fc4737a464a63150ee660fef685ac907d15745ab89d4dea2872f3896362f599)

The OpenSSF Package Analysis project identified '@captivateiq/events' @ 19.3.9 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "ossf-package-analysis",
            "sha256": "de34c3e6a90854a18935e1aa2147bc881174a3a3fe9a7821246ca63e61ae4d8c",
            "import_time": "2024-11-02T20:34:28.896831442Z",
            "modified_time": "2024-11-02T20:19:14Z",
            "versions": [
                "1.0.0"
            ]
        },
        {
            "source": "ossf-package-analysis",
            "sha256": "8fc4737a464a63150ee660fef685ac907d15745ab89d4dea2872f3896362f599",
            "import_time": "2024-11-02T22:05:55.83630091Z",
            "modified_time": "2024-11-02T21:42:46Z",
            "versions": [
                "19.3.9"
            ]
        },
        {
            "source": "ossf-package-analysis",
            "sha256": "104e5fc106ccda2bfeb62d02a20d4bca1252ab9ecf230103cdd5c172d36a1ba6",
            "import_time": "2024-11-02T22:35:36.794192241Z",
            "modified_time": "2024-11-02T22:14:11Z",
            "versions": [
                "20.3.9"
            ]
        },
        {
            "source": "ossf-package-analysis",
            "sha256": "a47260c801490a72e06685a14c5338f2c083fc7d7e4f65b5e3c9c52c62497d09",
            "import_time": "2024-11-02T22:35:36.975113719Z",
            "modified_time": "2024-11-02T22:21:07Z",
            "versions": [
                "21.3.9"
            ]
        },
        {
            "source": "ossf-package-analysis",
            "sha256": "d7de5c434188b0a7777a1a05ae80ae274fd2355b203931556ed22dc84db5862e",
            "import_time": "2024-11-02T23:34:44.656409514Z",
            "modified_time": "2024-11-02T23:22:18Z",
            "versions": [
                "22.3.9"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / @captivateiq/events

Package

Name
@captivateiq/events
View open source insights on deps.dev
Purl
pkg:npm/%40captivateiq/events

Affected ranges

Affected versions

1.*

1.0.0

19.*

19.3.9

20.*

20.3.9

21.*

21.3.9

22.*

22.3.9