MAL-2024-131

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pd-ui-kit/MAL-2024-131.json

JSON Data

https://api.test.osv.dev/v1/vulns/MAL-2024-131

Published

2024-01-18T05:30:41Z

Modified

2024-06-28T02:53:17Z

Summary

Malicious code in pd-ui-kit (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (b46ebcb2f76102916a1ab764b5af360b8c6cdd1dc56a269538132bcc4e307983)

The OpenSSF Package Analysis project identified 'pd-ui-kit' @ 1.5.1 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-01-18T05:30:41Z",
            "source": "ossf-package-analysis",
            "versions": [
                "1.5.1"
            ],
            "import_time": "2024-01-18T05:34:01.342338076Z",
            "sha256": "b46ebcb2f76102916a1ab764b5af360b8c6cdd1dc56a269538132bcc4e307983"
        },
        {
            "modified_time": "2024-01-18T05:41:15Z",
            "source": "ossf-package-analysis",
            "versions": [
                "1.5.2"
            ],
            "import_time": "2024-01-18T06:05:52.90950702Z",
            "sha256": "13b719e4d6572debdb0b19bbc365d81e3d2472307e0b0c28b510a6ff66b33609"
        },
        {
            "modified_time": "2024-01-18T06:43:41Z",
            "source": "ossf-package-analysis",
            "versions": [
                "1.5.3"
            ],
            "import_time": "2024-01-18T07:05:01.380803744Z",
            "sha256": "8577aba9d50450d277745b23ea4f1f3787892783c33e8a3ef412752dc6da0804"
        },
        {
            "modified_time": "2024-01-18T06:43:32Z",
            "source": "ossf-package-analysis",
            "versions": [
                "1.5.5"
            ],
            "import_time": "2024-01-18T07:05:01.323184066Z",
            "sha256": "f1803bd4826552362f764a0cdf450449af2fedd9f527cdbe957015265df6449d"
        },
        {
            "modified_time": "2024-01-18T06:42:22Z",
            "source": "ossf-package-analysis",
            "versions": [
                "1.5.4"
            ],
            "import_time": "2024-01-18T07:05:01.256442053Z",
            "sha256": "f7f1cce471b24c36b9089cfa4c2711283dd150b5f0cbacc93d57f78e96beb085"
        },
        {
            "modified_time": "2024-06-25T12:55:35Z",
            "sha256": "1dbf674ae9a1a0591e55377797c869e4bbf407d392e1fe5bc6af54c3796ee006",
            "source": "reversing-labs",
            "versions": [
                "1.5.4",
                "1.0.0",
                "1.5.2",
                "1.5.1",
                "1.5.5",
                "1.0.2",
                "1.0.3",
                "1.5.3",
                "1.5.0"
            ],
            "import_time": "2024-06-28T02:44:23.330089285Z",
            "id": "RLMA-2024-01570"
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / pd-ui-kit

Package

Name: pd-ui-kit; View open source insights on deps.dev
Purl: pkg:npm/pd-ui-kit

Affected ranges

Affected versions

1.*

1.0.0

1.0.2

1.0.3

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pd-ui-kit/MAL-2024-131.json"