MAL-2024-12180

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@hi.editor/core/MAL-2024-12180.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-12180
Published
2024-12-18T12:48:09Z
Modified
2024-12-18T12:48:09Z
Summary
Malicious code in @hi.editor/core (npm)
Details

This package has a preinstall script to download an execute a Go-variant of the Cobalt Strike beacon.

Database specific 
{
    "malicious-packages-origins": null
}
References
Credits

Affected packages

npm / @hi.editor/core

Package

Name
@hi.editor/core
View open source insights on deps.dev
Purl
pkg:npm/%40hi.editor/core

Affected ranges

Affected versions

0.*

0.2.2-alpha.1

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@hi.editor/core/MAL-2024-12180.json"