MAL-2023-8125

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pmd-github-action/MAL-2023-8125.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2023-8125
Published
2023-09-18T16:36:57Z
Modified
2023-09-19T04:35:01Z
Summary
Malicious code in pmd-github-action (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (25570da8772dbadd784a50cef765f49e039bdd693711fa519447931729c5ec72)

The OpenSSF Package Analysis project identified 'pmd-github-action' @ 7.2.9 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

References
Credits

Affected packages

npm / pmd-github-action

Package

Name
pmd-github-action
Purl
pkg:npm/pmd-github-action

Affected ranges

Affected versions

2.*

2.1.1

7.*

7.2.9
7.9.9

9.*

9.9.9