MAL-2024-992

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/en-calendar/MAL-2024-992.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-992
Published
2024-02-12T01:31:58Z
Modified
2024-06-28T02:53:16Z
Summary
Malicious code in en-calendar (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (0cc66d6eb2f773deb786b69bc29863caf4091bd2bd1f9fe0b7fdaa6fe14aca89)

The OpenSSF Package Analysis project identified 'en-calendar' @ 1.0.1 (npm) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.
Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "0cc66d6eb2f773deb786b69bc29863caf4091bd2bd1f9fe0b7fdaa6fe14aca89",
            "import_time": "2024-02-12T07:33:20.928508427Z",
            "versions": [
                "1.0.1"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-12T01:31:58Z"
        },
        {
            "sha256": "efcdbbcfadda031e08f335dbd0e4b44b653dbb2a34868297d1f13ecc3d45818c",
            "import_time": "2024-02-12T07:33:21.00056618Z",
            "versions": [
                "1.0.2"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-12T01:35:19Z"
        },
        {
            "sha256": "ddc4fd9ad1912d542c0f590e48439901f1e48dfbd541d4b4cae91ede43c29871",
            "import_time": "2024-06-28T02:43:06.821158988Z",
            "versions": [
                "3.3.999",
                "3.3.99991",
                "1.0.1",
                "1.0.2",
                "3.3.9991"
            ],
            "id": "RLMA-2024-00944",
            "source": "reversing-labs",
            "modified_time": "2024-06-25T12:41:18Z"
        }
    ]
}
References
Credits

Affected packages

npm / en-calendar

Package

Affected ranges

Affected versions

1.*

1.0.1
1.0.2

3.*

3.3.999
3.3.9991
3.3.99991