MAL-2023-8125
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pmd-github-action/MAL-2023-8125.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2023-8125
- Published
- 2023-09-18T16:36:57Z
- Modified
- 2023-09-19T04:35:01Z
- Summary
- Malicious code in pmd-github-action (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (25570da8772dbadd784a50cef765f49e039bdd693711fa519447931729c5ec72)
The OpenSSF Package Analysis project identified 'pmd-github-action' @ 7.2.9 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "source": "ossf-package-analysis", "modified_time": "2023-09-18T17:18:10Z", "versions": [ "7.2.9" ], "import_time": "2023-09-18T17:34:23.022536945Z", "sha256": "25570da8772dbadd784a50cef765f49e039bdd693711fa519447931729c5ec72" }, { "source": "ossf-package-analysis", "modified_time": "2023-09-18T17:10:45Z", "versions": [ "7.9.9" ], "import_time": "2023-09-18T17:34:22.958039742Z", "sha256": "a1f0ddffd09c742a9fb1800552d1d62c789596cc1be17ddcece869a2e3dafefc" }, { "source": "ossf-package-analysis", "modified_time": "2023-09-18T16:50:37Z", "versions": [ "9.9.9" ], "import_time": "2023-09-19T04:34:40.893009725Z", "sha256": "40cfc6449425b40cb1843150153cd37cfb95b7369f18b98ba4f71bb6c19a4f17" }, { "source": "ossf-package-analysis", "modified_time": "2023-09-18T16:36:57Z", "versions": [ "2.1.1" ], "import_time": "2023-09-19T04:34:40.784565762Z", "sha256": "848b98ef9e3b341f70eb8accf2bd526095d488e08fb67886aa5aa29504d5da6f" } ] }- References
-
- Credits
-
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / pmd-github-action
Package
- Name
- pmd-github-action
- View open source insights on deps.dev
- Purl
- pkg:npm/pmd-github-action