MAL-2024-7740

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/alemmi/MAL-2024-7740.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-7740
Published
2024-07-13T09:23:55Z
Modified
2024-07-13T10:05:15Z
Summary
Malicious code in alemmi (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (e6439e28d1fe4888d5ea2c3c0bdfa9512092b20d6b0001069f0236329edab410)

The OpenSSF Package Analysis project identified 'alemmi' @ 11.0.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-07-13T09:23:55Z",
            "import_time": "2024-07-13T09:34:00.900748964Z",
            "versions": [
                "11.0.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "e6439e28d1fe4888d5ea2c3c0bdfa9512092b20d6b0001069f0236329edab410"
        },
        {
            "modified_time": "2024-07-13T09:34:38Z",
            "import_time": "2024-07-13T10:04:51.627162854Z",
            "versions": [
                "13.0.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "1a6ad8139fd77a38235cd58bc3ed2cd3ed23a23e997cd5b30d1342e0bbf0d8ab"
        },
        {
            "modified_time": "2024-07-13T09:54:31Z",
            "import_time": "2024-07-13T10:04:51.885571211Z",
            "versions": [
                "21.0.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "3ba062b4d10ff417f81199b0e72e58ce8c87bf7ef3129eb5ee5d682cfce454a4"
        },
        {
            "modified_time": "2024-07-13T09:41:05Z",
            "import_time": "2024-07-13T10:04:51.712241673Z",
            "versions": [
                "14.0.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "c00d001ad66df816039292929ec6d59f85e17d20010726a9e7056c666311e4bc"
        },
        {
            "modified_time": "2024-07-13T09:43:08Z",
            "import_time": "2024-07-13T10:04:51.820457948Z",
            "versions": [
                "15.0.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "ea9cb6bcad1a9de3c59aa0847fd9c1c0b6d8a29855cf06737a309062699a8b07"
        }
    ]
}
References
Credits

Affected packages

npm / alemmi

Package

Name
alemmi
View open source insights on deps.dev
Purl
pkg:npm/alemmi

Affected ranges

Affected versions

11.*

11.0.0

13.*

13.0.0

14.*

14.0.0

15.*

15.0.0

21.*

21.0.0