MAL-2024-131

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pd-ui-kit/MAL-2024-131.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-131
Published
2024-01-18T05:30:41Z
Modified
2024-06-28T02:53:17Z
Summary
Malicious code in pd-ui-kit (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (b46ebcb2f76102916a1ab764b5af360b8c6cdd1dc56a269538132bcc4e307983)

The OpenSSF Package Analysis project identified 'pd-ui-kit' @ 1.5.1 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "b46ebcb2f76102916a1ab764b5af360b8c6cdd1dc56a269538132bcc4e307983",
            "import_time": "2024-01-18T05:34:01.342338076Z",
            "versions": [
                "1.5.1"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-01-18T05:30:41Z"
        },
        {
            "sha256": "13b719e4d6572debdb0b19bbc365d81e3d2472307e0b0c28b510a6ff66b33609",
            "import_time": "2024-01-18T06:05:52.90950702Z",
            "versions": [
                "1.5.2"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-01-18T05:41:15Z"
        },
        {
            "sha256": "8577aba9d50450d277745b23ea4f1f3787892783c33e8a3ef412752dc6da0804",
            "import_time": "2024-01-18T07:05:01.380803744Z",
            "versions": [
                "1.5.3"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-01-18T06:43:41Z"
        },
        {
            "sha256": "f1803bd4826552362f764a0cdf450449af2fedd9f527cdbe957015265df6449d",
            "import_time": "2024-01-18T07:05:01.323184066Z",
            "versions": [
                "1.5.5"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-01-18T06:43:32Z"
        },
        {
            "sha256": "f7f1cce471b24c36b9089cfa4c2711283dd150b5f0cbacc93d57f78e96beb085",
            "import_time": "2024-01-18T07:05:01.256442053Z",
            "versions": [
                "1.5.4"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-01-18T06:42:22Z"
        },
        {
            "sha256": "1dbf674ae9a1a0591e55377797c869e4bbf407d392e1fe5bc6af54c3796ee006",
            "import_time": "2024-06-28T02:44:23.330089285Z",
            "versions": [
                "1.5.4",
                "1.0.0",
                "1.5.2",
                "1.5.1",
                "1.5.5",
                "1.0.2",
                "1.0.3",
                "1.5.3",
                "1.5.0"
            ],
            "id": "RLMA-2024-01570",
            "source": "reversing-labs",
            "modified_time": "2024-06-25T12:55:35Z"
        }
    ]
}
References
Credits

Affected packages

npm / pd-ui-kit

Package

Affected ranges

Affected versions

1.*

1.0.0
1.0.2
1.0.3
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5