MAL-2024-7791

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/next-react-notify/MAL-2024-7791.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-7791
Published
2024-07-22T16:29:34Z
Modified
2024-07-22T16:29:34Z
Summary
Malicious code in next-react-notify (npm)
Details

The package executes multiple malicious commands to download and execute further payloads. The tactics used are characteristic of an ongoing North Korean campaign.

Database specific
{
    "malicious-packages-origins": null
}
References
Credits

Affected packages

npm / next-react-notify

Package

Affected ranges

Affected versions

1.*

1.0.0