MAL-2023-8125

Source
https://github.com/ossf/malicious-packages/blob/main/malicious/npm/pmd-github-action/MAL-2023-8125.json
Published
2023-09-18T16:36:57Z
Modified
2023-09-19T04:35:01Z
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (25570da8772dbadd784a50cef765f49e039bdd693711fa519447931729c5ec72)

The OpenSSF Package Analysis project identified 'pmd-github-action' @ 7.2.9 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

References

Affected packages

npm / pmd-github-action

Source Details

Package Name
pmd-github-action

Affected ranges

Affected versions

2.*

2.1.1

7.*

7.2.9
7.9.9

9.*

9.9.9