MAL-2023-1557

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/jsontostream/MAL-2023-1557.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2023-1557

Published

2023-05-11T00:00:00Z

Modified

2023-08-21T20:12:58Z

Summary

Malicious code in jsontostream (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: checkmarx (8cf6eca7a81571a14b52b17b7b9bfe99f347e67564d0dd421276aac3552ac297)

Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering tactics

References

https://medium.com/checkmarx-security/lazarus-group-launches-first-open-source-supply-chain-attacks-targeting-crypto-sector-cabc626e404e

Credits

- Checkmarx - FINDER
- - supplychainsecurity@checkmarx.com
  - https://bit.ly/checkmarx-malicious-packages

Affected packages

npm / jsontostream

Package

Name: jsontostream; View open source insights on deps.dev
Purl: pkg:npm/jsontostream

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected