MAL-2023-5

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/eslint-plugin-indeed/MAL-2023-5.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2023-5
Aliases
  • SNYK-JS-ESLINTPLUGININDEED-3336031
Published
2023-05-01T02:25:46Z
Modified
2024-06-28T03:14:35.216637Z
Summary
Malicious code in eslint-plugin-indeed (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (cd3cf0dfdda3ea0bf705d385efb05c56b971a408c4a0dceef3771d2e474a33e0)

The OpenSSF Package Analysis project identified 'eslint-plugin-indeed' @ 99.99.9 (npm) as malicious.

It is considered malicious because: - The package communicates with a domain associated with malicious activity.

Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "ossf-package-analysis",
            "modified_time": "0001-01-01T00:00:00Z",
            "versions": [
                "99.99.9"
            ],
            "import_time": "2023-06-30T03:53:17.18663345Z",
            "sha256": "cd3cf0dfdda3ea0bf705d385efb05c56b971a408c4a0dceef3771d2e474a33e0"
        },
        {
            "source": "reversing-labs",
            "modified_time": "2024-06-25T12:41:53Z",
            "versions": [
                "99.99.9",
                "10.9.9"
            ],
            "import_time": "2024-06-28T02:43:09.861040276Z",
            "id": "RLMA-2024-00971",
            "sha256": "d836eb785f6571a7933d4c3ed35935b12f02e875128be566c98c2ff695bdc464"
        }
    ]
}
References
Credits

Affected packages

npm / eslint-plugin-indeed

Package

Name
eslint-plugin-indeed
View open source insights on deps.dev
Purl
pkg:npm/eslint-plugin-indeed

Affected ranges

Affected versions

10.*

10.9.9

99.*

99.99.9