MAL-2024-8938

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@energysolutions/mylib/MAL-2024-8938.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-8938
Published
2024-09-20T19:29:25Z
Modified
2024-09-26T23:06:19Z
Summary
Malicious code in @energysolutions/mylib (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (08f12d3c3e2e99f5bcec121d93fe4ece6a29ff57478e2e93e0cff0d4309832ac)

The OpenSSF Package Analysis project identified '@energysolutions/mylib' @ 999999999.999999.999999 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "af8652a2466a05067e04226d9a2c0ba8fd87d1ceea144088adec75e6d69144e0",
            "import_time": "2024-09-22T22:35:20.001507292Z",
            "versions": [
                "99.9.9"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-09-20T19:55:40Z"
        },
        {
            "sha256": "f6e3a6bea8d93f96120a14227a1892edeead009970a0b11452246468fa17e1dd",
            "import_time": "2024-09-22T22:35:19.906256746Z",
            "versions": [
                "99.9.7"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-09-20T19:38:11Z"
        },
        {
            "sha256": "fcbfd33ed337d039767d2917237f3a4d23ff74a860d69b7d644a52ca192607c4",
            "import_time": "2024-09-22T22:35:19.853438467Z",
            "versions": [
                "99.9.3"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-09-20T19:29:25Z"
        },
        {
            "sha256": "08f12d3c3e2e99f5bcec121d93fe4ece6a29ff57478e2e93e0cff0d4309832ac",
            "import_time": "2024-09-26T23:05:57.931236308Z",
            "versions": [
                "999999999.999999.999999"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-09-26T07:55:41Z"
        },
        {
            "sha256": "10c6d7e1f6418565c6ba63571667684677e09a9a9870564276c82824d4055790",
            "import_time": "2024-09-26T23:05:57.516558773Z",
            "versions": [
                "9998.998.998"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-09-25T19:50:41Z"
        },
        {
            "sha256": "1a77c7c3fc6abfa729a2b13de21ac88a96f6e565ea74caf8818de009673c2be0",
            "import_time": "2024-09-26T23:05:57.583283696Z",
            "versions": [
                "9998.999.999"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-09-26T06:23:41Z"
        },
        {
            "sha256": "5131d12a8cfe87f2ac5306a4e02a1bf27906c3033911cc738be6068f4c053e3c",
            "import_time": "2024-09-26T23:05:57.664231809Z",
            "versions": [
                "99999.99999.9999"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-09-26T07:20:39Z"
        },
        {
            "sha256": "57c1d54e282f29e602957a65120b53734325ef86848407a15ecf42638d3667ce",
            "import_time": "2024-09-26T23:05:57.751854102Z",
            "versions": [
                "9999999.999999.999999"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-09-26T07:44:18Z"
        },
        {
            "sha256": "a99a69f233f00b448a81f3811cf11dfdc3d0c42169393f854ea2aed819dfe872",
            "import_time": "2024-09-26T23:05:57.839664562Z",
            "versions": [
                "99999999.999999.999999"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-09-26T07:45:42Z"
        },
        {
            "sha256": "d71d1050e9d0ab76962d7680a6fb2139f92bf0401205b12d06b6c903b0a8ec7d",
            "import_time": "2024-09-26T23:05:57.417697676Z",
            "versions": [
                "999.99.99"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-09-25T19:31:18Z"
        }
    ]
}
References
Credits

Affected packages

npm / @energysolutions/mylib

Package

Name
@energysolutions/mylib
View open source insights on deps.dev
Purl
pkg:npm/%40energysolutions/mylib

Affected ranges

Affected versions

99.*

99.9.3
99.9.7
99.9.9

999.*

999.99.99

9998.*

9998.998.998
9998.999.999

99999.*

99999.99999.9999

9999999.*

9999999.999999.999999

99999999.*

99999999.999999.999999

999999999.*

999999999.999999.999999