MAL-2023-1230

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/loveapple/MAL-2023-1230.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2023-1230

Published

2023-04-26T06:31:14Z

Modified

2023-04-26T06:31:14Z

Summary

Malicious code in loveapple (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (93f0fed5927aa024ef89366775ca7f11d1f48b1d2f4d547780f38f6984b9c5f0)

The OpenSSF Package Analysis project identified 'loveapple' @ 1.0.0 (npm) as malicious.

It is considered malicious because: - The package communicates with a domain associated with malicious activity.

Database specific

{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "modified_time": "2023-04-26T06:31:14.404944835Z",
            "source": "ossf-package-analysis",
            "sha256": "93f0fed5927aa024ef89366775ca7f11d1f48b1d2f4d547780f38f6984b9c5f0",
            "import_time": "2023-08-10T06:14:58.76105632Z"
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

MAL-2023-1230

Source: ossf-package-analysis (93f0fed5927aa024ef89366775ca7f11d1f48b1d2f4d547780f38f6984b9c5f0)

Affected packages

npm / loveapple

Package

Affected ranges

Affected versions

1.*