MAL-2024-3030

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/socket.io-client-v2/MAL-2024-3030.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-3030
Aliases
  • SNYK-JS-SOCKETIOCLIENTV2-6044722
Published
2024-06-25T13:01:21Z
Modified
2024-10-24T01:01:57Z
Summary
Malicious code in socket.io-client-v2 (npm)
Details

-= Per source details. Do not edit below this line.=-

Database specific 
{
    "malicious-packages-origins": [
        {
            "id": "RLMA-2024-01759",
            "source": "reversing-labs",
            "modified_time": "2024-06-25T13:01:21Z",
            "sha256": "14cccfbe4893e2ae62fc3191ef545f85287eab86c782af7268bda1e42c89a7a6",
            "import_time": "2024-06-28T02:44:45.780752322Z",
            "versions": [
                "6.0.2",
                "3.4.2",
                "6.0.3"
            ]
        },
        {
            "id": "RLUA-2024-07331",
            "source": "reversing-labs",
            "modified_time": "2024-10-16T13:19:51Z",
            "sha256": "d30d7b7e021e2a65a117977e084b91fd7651c5868b060c817a518c8155989f7c",
            "import_time": "2024-10-24T00:58:21.450749683Z"
        }
    ]
}
References
Credits

Affected packages

npm / socket.io-client-v2

Package

Name
socket.io-client-v2
View open source insights on deps.dev
Purl
pkg:npm/socket.io-client-v2

Affected ranges

Affected versions

3.*

3.4.2

6.*

6.0.2
6.0.3