MAL-2024-9088

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@test3.svt/first-npm-package-test-2/MAL-2024-9088.json

JSON Data

https://api.test.osv.dev/v1/vulns/MAL-2024-9088

Published

2024-10-04T07:17:51Z

Modified

2024-10-08T07:34:44Z

Summary

Malicious code in @test3.svt/first-npm-package-test-2 (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (c5d0ddb406420abe4a1e74b157a237b13abf8b3b0753309cc30b2d10ceb7de42)

The OpenSSF Package Analysis project identified '@test3.svt/first-npm-package-test-2' @ 1.0.0 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "c5d0ddb406420abe4a1e74b157a237b13abf8b3b0753309cc30b2d10ceb7de42",
            "import_time": "2024-10-04T07:34:21.919702246Z",
            "versions": [
                "1.0.0"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-04T07:17:51Z"
        },
        {
            "sha256": "cdca872041c524cbdc06d12fc5d24fc8a69e7b6e72b8f93d1ce418783c34d3d0",
            "import_time": "2024-10-04T08:06:46.043334453Z",
            "versions": [
                "1.0.3"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-04T07:40:48Z"
        },
        {
            "sha256": "804bf93978a361d6c351b4ed0af35d887bf08dfcfa6f994e04bc9e16552e2989",
            "import_time": "2024-10-04T08:37:36.517327925Z",
            "versions": [
                "1.0.7"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-04T08:26:20Z"
        },
        {
            "sha256": "70f023040c36a68cdd675600adef4d7149c99af318a98c01a27db8fc9cfe933f",
            "import_time": "2024-10-04T10:05:39.198066028Z",
            "versions": [
                "1.1.0"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-04T09:55:38Z"
        },
        {
            "sha256": "403c3f8efadc5c679fc159e498d172b96f00c0d81359a26cce994e477f56668a",
            "import_time": "2024-10-04T10:37:47.949676784Z",
            "versions": [
                "1.1.1"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-04T10:06:49Z"
        },
        {
            "sha256": "9d056795b31aa303fcf24c0767e5651f7acd48dcfbacd49809eb5d87d464db01",
            "import_time": "2024-10-04T12:08:10.884970356Z",
            "versions": [
                "1.1.4"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-04T12:05:53Z"
        },
        {
            "sha256": "8ec91a84795f3a48a34d43b42dc47a911f7dda3a89a4e9f9855f3f8b2a6bcd13",
            "import_time": "2024-10-04T12:45:58.951924089Z",
            "versions": [
                "1.1.7"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-04T12:10:54Z"
        },
        {
            "sha256": "03d3de6b6c31932c98e9bc82b47b8f2219fa54e301f35cfcabd2a7fdb96cbec6",
            "import_time": "2024-10-07T08:07:13.866308339Z",
            "versions": [
                "1.2.3"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-07T07:45:54Z"
        },
        {
            "sha256": "d5b57966cf922eb12776d69c8cacd2721cd6ed4f1cea30c97307a3e78898f656",
            "import_time": "2024-10-07T08:07:13.729272005Z",
            "versions": [
                "1.2.1"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-07T07:45:48Z"
        },
        {
            "sha256": "ac3245be55da129f3efd53f9a7f6b563de5545039abde08a6e6ed0246e2abd24",
            "import_time": "2024-10-08T07:05:35.315044947Z",
            "versions": [
                "1.2.6"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-08T07:00:38Z"
        },
        {
            "sha256": "b8894b6f0747b7700211aa0d62406f402f29a9b868647677bda90865d8395260",
            "import_time": "2024-10-08T07:05:35.166508696Z",
            "versions": [
                "1.2.5"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-08T06:59:03Z"
        },
        {
            "sha256": "0d6527e273dea75eb65c006896c6440bdfd9dc629117b19a447421c829528c1a",
            "import_time": "2024-10-08T07:34:17.7192587Z",
            "versions": [
                "1.3.3"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-08T07:30:44Z"
        },
        {
            "sha256": "8244ce1a8c1656999d0c39d38714fce4e6fa8b9d5430961ca4cdd9544f5369b5",
            "import_time": "2024-10-08T07:34:17.54415248Z",
            "versions": [
                "1.3.0"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-10-08T07:10:55Z"
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / @test3.svt/first-npm-package-test-2

Package

Name: @test3.svt/first-npm-package-test-2; View open source insights on deps.dev
Purl: pkg:npm/%40test3.svt/first-npm-package-test-2

Affected ranges

Affected versions

1.*

1.0.0

1.0.3

1.0.7

1.1.0

1.1.1

1.1.4

1.1.7

1.2.1

1.2.3

1.2.5

1.2.6

1.3.0

1.3.3