MAL-2023-1490

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/bugsnotfound/MAL-2023-1490.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2023-1490

Published

2023-08-19T17:39:56Z

Modified

2023-08-19T18:10:59Z

Summary

Malicious code in bugsnotfound (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (3980d08da6629463ad50e50b6a94591add7f48be24c1256a14e6d3e56fe69f55)

The OpenSSF Package Analysis project identified 'bugsnotfound' @ 1.1.2 (npm) as malicious.

It is considered malicious because: - The package communicates with a domain associated with malicious activity. - The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "import_time": "2023-08-19T18:05:44.376774203Z",
            "modified_time": "2023-08-19T17:39:56.067983008Z",
            "versions": [
                "1.1.2"
            ],
            "source": "ossf-package-analysis",
            "sha256": "3980d08da6629463ad50e50b6a94591add7f48be24c1256a14e6d3e56fe69f55"
        },
        {
            "import_time": "2023-08-19T18:05:44.519553013Z",
            "modified_time": "2023-08-19T17:44:46.129222366Z",
            "versions": [
                "1.1.7"
            ],
            "source": "ossf-package-analysis",
            "sha256": "79716984a65383f264804842207d17d33d181a0c9e0f048a5e9bfe9ea66a8e3a"
        },
        {
            "import_time": "2023-08-19T18:05:44.826700733Z",
            "modified_time": "2023-08-19T17:59:57.325382787Z",
            "versions": [
                "1.0.5"
            ],
            "source": "ossf-package-analysis",
            "sha256": "b747adce8415f51908a4b99af0129343ddd79f84bc2c7ea530600cc3872c78dc"
        },
        {
            "import_time": "2023-08-19T18:05:44.666826323Z",
            "modified_time": "2023-08-19T17:51:40.026241232Z",
            "versions": [
                "2.1.2"
            ],
            "source": "ossf-package-analysis",
            "sha256": "cffe27e14db95155049fc1eed72c99966fde272c3bee6b04b6d0816435dc5fe4"
        },
        {
            "import_time": "2023-08-19T18:05:44.981443143Z",
            "modified_time": "2023-08-19T18:02:31.320021753Z",
            "versions": [
                "1.0.3"
            ],
            "source": "ossf-package-analysis",
            "sha256": "d4dc749ae088f3e893ab98169eb3fc9a8c9da4a75ecd6b374864193b0b84b3bd"
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / bugsnotfound

Package

Name: bugsnotfound; View open source insights on deps.dev
Purl: pkg:npm/bugsnotfound

Affected ranges

Affected versions

1.*

1.0.3

1.0.5

1.1.2

1.1.7

2.*

2.1.2