MAL-2024-7090

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cli-pkg-test/MAL-2024-7090.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-7090
Published
2024-07-03T13:45:27Z
Modified
2024-07-03T17:05:25Z
Summary
Malicious code in cli-pkg-test (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (7a7aae8c7f3c482a70cb9cd90ee7c66cdab49f87aea5f39075c02aef180ad54a)

The OpenSSF Package Analysis project identified 'cli-pkg-test' @ 4.0.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "7a7aae8c7f3c482a70cb9cd90ee7c66cdab49f87aea5f39075c02aef180ad54a",
            "import_time": "2024-07-03T14:05:12.030808106Z",
            "versions": [
                "4.0.0"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-07-03T13:45:27Z"
        },
        {
            "sha256": "824e92925ce6584a8c0b8f07930f0dbeee4e91195a6cc949c61f4cc62ad9ab94",
            "import_time": "2024-07-03T14:05:12.108978835Z",
            "versions": [
                "4.0.1"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-07-03T14:03:13Z"
        },
        {
            "sha256": "745e89d6777f1679fdaf45716a72fb7675af2ed6b0fb8247e7c39c5e26b7e338",
            "import_time": "2024-07-03T14:34:06.733366949Z",
            "versions": [
                "4.0.2"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-07-03T14:26:15Z"
        },
        {
            "sha256": "5430e9988e1f3337633e1976f7cfdaca8d3d46b8ac6e0b721cf4b1a5506c2f1d",
            "import_time": "2024-07-03T15:05:22.236375897Z",
            "versions": [
                "4.0.3"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-07-03T14:53:12Z"
        },
        {
            "sha256": "9d71b1ace82fd960c7108e90b688b304b55f8ae192b3dc9102cab6359ac40253",
            "import_time": "2024-07-03T17:04:59.431050884Z",
            "versions": [
                "4.0.5"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-07-03T16:55:57Z"
        }
    ]
}
References
Credits

Affected packages

npm / cli-pkg-test

Package

Affected ranges

Affected versions

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.5