MAL-2024-10653

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@sportdigi/bootstrapper/MAL-2024-10653.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-10653
Published
2024-11-13T10:11:20Z
Modified
2024-11-15T20:35:40Z
Summary
Malicious code in @sportdigi/bootstrapper (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (606eac7e59a098b487b61377214416850ff371fc507eb544c97622670ff87dc8)

The OpenSSF Package Analysis project identified '@sportdigi/bootstrapper' @ 12.1.2 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.


Affected packages

npm / @sportdigi/bootstrapper

Package

Name
@sportdigi/bootstrapper
Purl
pkg:npm/%40sportdigi/bootstrapper

Affected ranges

Affected versions

12.*

12.1.2
12.1.3

14.*

14.1.0

15.*

15.1.0

17.*

17.1.0

18.*

18.1.0

19.*

19.1.0

21.*

21.1.0

22.*

22.1.0

23.*

23.1.0

24.*

24.1.0

25.*

25.1.0

27.*

27.1.0

29.*

29.1.0

30.*

30.1.0

31.*

31.1.0

32.*

32.1.0

34.*

34.1.0