MAL-2023-8125

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pmd-github-action/MAL-2023-8125.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2023-8125
Published
2023-09-18T16:36:57Z
Modified
2023-09-19T04:35:01Z
Summary
Malicious code in pmd-github-action (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (25570da8772dbadd784a50cef765f49e039bdd693711fa519447931729c5ec72)

The OpenSSF Package Analysis project identified 'pmd-github-action' @ 7.2.9 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "25570da8772dbadd784a50cef765f49e039bdd693711fa519447931729c5ec72",
            "import_time": "2023-09-18T17:34:23.022536945Z",
            "versions": [
                "7.2.9"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2023-09-18T17:18:10Z"
        },
        {
            "sha256": "a1f0ddffd09c742a9fb1800552d1d62c789596cc1be17ddcece869a2e3dafefc",
            "import_time": "2023-09-18T17:34:22.958039742Z",
            "versions": [
                "7.9.9"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2023-09-18T17:10:45Z"
        },
        {
            "sha256": "40cfc6449425b40cb1843150153cd37cfb95b7369f18b98ba4f71bb6c19a4f17",
            "import_time": "2023-09-19T04:34:40.893009725Z",
            "versions": [
                "9.9.9"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2023-09-18T16:50:37Z"
        },
        {
            "sha256": "848b98ef9e3b341f70eb8accf2bd526095d488e08fb67886aa5aa29504d5da6f",
            "import_time": "2023-09-19T04:34:40.784565762Z",
            "versions": [
                "2.1.1"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2023-09-18T16:36:57Z"
        }
    ]
}
References
Credits

Affected packages

npm / pmd-github-action

Package

Affected ranges

Affected versions

2.*

2.1.1

7.*

7.2.9
7.9.9

9.*

9.9.9