MAL-2024-10311

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@captivateiq/handsontable-ciq/MAL-2024-10311.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-10311
Published
2024-11-02T20:47:02Z
Modified
2024-11-02T23:35:12Z
Summary
Malicious code in @captivateiq/handsontable-ciq (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (ff5087a0a343a66ce310683b4fd7d9e169476f92ada3408d8dcc63fa1da6645a)

The OpenSSF Package Analysis project identified '@captivateiq/handsontable-ciq' @ 152.1.5 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "import_time": "2024-11-02T21:05:03.188954542Z",
            "modified_time": "2024-11-02T20:47:02Z",
            "source": "ossf-package-analysis",
            "sha256": "599a5852b9eda74d5a6332139849d2d1453f122369ec02b7629e4ea77af243bf"
        },
        {
            "versions": [
                "152.1.5"
            ],
            "import_time": "2024-11-02T22:05:55.908762734Z",
            "modified_time": "2024-11-02T21:44:50Z",
            "source": "ossf-package-analysis",
            "sha256": "ff5087a0a343a66ce310683b4fd7d9e169476f92ada3408d8dcc63fa1da6645a"
        },
        {
            "versions": [
                "153.1.5"
            ],
            "import_time": "2024-11-02T22:35:36.716793051Z",
            "modified_time": "2024-11-02T22:14:05Z",
            "source": "ossf-package-analysis",
            "sha256": "854e1d67a15c62ccd0e73b5672cd5a1c611e64a8ca86961ba1977c72d976a568"
        },
        {
            "versions": [
                "155.1.5"
            ],
            "import_time": "2024-11-02T22:35:36.88147619Z",
            "modified_time": "2024-11-02T22:21:01Z",
            "source": "ossf-package-analysis",
            "sha256": "f53432c1402ee41d9fcee3fc122e437bbc2817a27d5dbca2561afdb8b58aa33a"
        },
        {
            "versions": [
                "156.1.5"
            ],
            "import_time": "2024-11-02T23:34:44.570164379Z",
            "modified_time": "2024-11-02T23:22:13Z",
            "source": "ossf-package-analysis",
            "sha256": "999c0da4aea46106a2f1be4f94ff05502f231eb6051e14c4854b7ff1dcb7fab8"
        }
    ]
}
References
Credits

Affected packages

npm / @captivateiq/handsontable-ciq

Package

Name
@captivateiq/handsontable-ciq
View open source insights on deps.dev
Purl
pkg:npm/%40captivateiq/handsontable-ciq

Affected ranges

Affected versions

1.*

1.0.0

152.*

152.1.5

153.*

153.1.5

155.*

155.1.5

156.*

156.1.5