MAL-2024-7748

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/aroly-test/MAL-2024-7748.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-7748
Published
2024-07-10T09:30:50Z
Modified
2024-07-15T22:05:21Z
Summary
Malicious code in aroly-test (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (5559e3338ab9d433fec892063a5f0ec5ac1164490196c5a095bc2ffb723e6290)

The OpenSSF Package Analysis project identified 'aroly-test' @ 1.0.10 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-07-10T09:41:03Z",
            "import_time": "2024-07-15T22:04:54.127706348Z",
            "versions": [
                "1.0.5"
            ],
            "source": "ossf-package-analysis",
            "sha256": "1abcd46ebb2fac32fb8dda0616f7627c1e719cbbffbbafae8309d995d6f6bd7e"
        },
        {
            "modified_time": "2024-07-10T09:56:00Z",
            "import_time": "2024-07-15T22:04:54.217085001Z",
            "versions": [
                "1.0.7"
            ],
            "source": "ossf-package-analysis",
            "sha256": "31a86873e515b2a7d2c918073449e8153cbca1deaf41148e60fa1355e85ff7cd"
        },
        {
            "modified_time": "2024-07-10T09:30:50Z",
            "import_time": "2024-07-15T22:04:54.055287828Z",
            "versions": [
                "1.0.4"
            ],
            "source": "ossf-package-analysis",
            "sha256": "369dbcb7644b3ebdb1e3a45a49d498eeb2d9d04f365a320eb803dac05a5cfc1e"
        },
        {
            "modified_time": "2024-07-10T11:46:53Z",
            "import_time": "2024-07-15T22:04:54.468458269Z",
            "versions": [
                "1.0.10"
            ],
            "source": "ossf-package-analysis",
            "sha256": "5559e3338ab9d433fec892063a5f0ec5ac1164490196c5a095bc2ffb723e6290"
        },
        {
            "modified_time": "2024-07-10T10:10:39Z",
            "import_time": "2024-07-15T22:04:54.322550465Z",
            "versions": [
                "1.0.8"
            ],
            "source": "ossf-package-analysis",
            "sha256": "684dace6b05e7a455565861369a54f5ed6c904dac30615e442f5cef2997da71f"
        }
    ]
}
References
Credits

Affected packages

npm / aroly-test

Package

Affected ranges

Affected versions

1.*

1.0.4
1.0.5
1.0.7
1.0.8
1.0.10