MAL-2023-7979

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/visual_components/MAL-2023-7979.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2023-7979
Published
2023-09-01T19:41:34Z
Modified
2023-09-01T21:05:24Z
Summary
Malicious code in visual_components (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (7289e2b3846c5d4eacbe709a4bd08a2e48688e587b810b9535c2275275dd2497)

The OpenSSF Package Analysis project identified 'visual_components' @ 1.0.13 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.13"
            ],
            "import_time": "2023-09-01T20:05:10.62438396Z",
            "modified_time": "2023-09-01T19:49:01Z",
            "sha256": "7289e2b3846c5d4eacbe709a4bd08a2e48688e587b810b9535c2275275dd2497",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "1.0.14"
            ],
            "import_time": "2023-09-01T20:05:10.560034907Z",
            "modified_time": "2023-09-01T19:41:34Z",
            "sha256": "f4272d41d8dae8a6b53a5fe78c6e2b10ce6cd06fc7dfe6b61b5f87b38d75b02d",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "1.0.19"
            ],
            "import_time": "2023-09-01T20:34:21.606321642Z",
            "modified_time": "2023-09-01T20:09:16Z",
            "sha256": "2c4bd483ceceb49450acb2fc3acfdfc3113465f504d94e5ed9b67cf927ff137b",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "1.0.18"
            ],
            "import_time": "2023-09-01T20:34:21.544549639Z",
            "modified_time": "2023-09-01T20:05:42Z",
            "sha256": "42773c6cd142c8f14d32d547e2256baa1af72cc779c779aa444f1ff34a06bedc",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "1.0.20"
            ],
            "import_time": "2023-09-01T20:34:21.663493374Z",
            "modified_time": "2023-09-01T20:14:02Z",
            "sha256": "bdc09bd10630e4c0daeee02b33b29302c1b07876c4897f3a001cba1171470354",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "1.0.21"
            ],
            "import_time": "2023-09-01T21:05:04.750602244Z",
            "modified_time": "2023-09-01T20:35:55Z",
            "sha256": "86d946141cb31c177ff6e48b9f158c23844f57cb90cd819759d752a26b8e5bd4",
            "source": "ossf-package-analysis"
        }
    ]
}
References
Credits

Affected packages

npm / visual_components

Package

Affected ranges

Affected versions

1.*
1.0.13
1.0.14
1.0.18
1.0.19
1.0.20
1.0.21

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/visual_components/MAL-2023-7979.json"