MAL-2023-8256
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/zenfi-sdk/MAL-2023-8256.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2023-8256
- Published
- 2023-09-27T14:00:47Z
- Modified
- 2023-09-29T10:05:57Z
- Summary
- Malicious code in zenfi-sdk (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (9a75914f8d0929ed48294224224fab435793f654258889e4435c268b34d2ac4c)
The OpenSSF Package Analysis project identified 'zenfi-sdk' @ 1.5.2 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "modified_time": "2023-09-27T14:00:47Z", "versions": [ "1.5.2" ], "sha256": "9a75914f8d0929ed48294224224fab435793f654258889e4435c268b34d2ac4c", "source": "ossf-package-analysis", "import_time": "2023-09-27T14:05:21.436579812Z" }, { "modified_time": "2023-09-27T14:22:07Z", "versions": [ "1.5.5" ], "sha256": "121bcc28f5a92a43e487a59be608e966374c729dcbe9ffed02594b32e6c69671", "source": "ossf-package-analysis", "import_time": "2023-09-27T14:34:37.687937694Z" }, { "modified_time": "2023-09-27T14:26:19Z", "versions": [ "1.5.7" ], "sha256": "4254fb00fbeb19194258d9118ac72b4116a72a781f6c57ecb4d4b6bec555a2cf", "source": "ossf-package-analysis", "import_time": "2023-09-27T14:34:37.824618248Z" }, { "modified_time": "2023-09-27T14:05:44Z", "versions": [ "1.5.3" ], "sha256": "c51b5327051759b4bf0f52d1e5162ac672633140f4e06184022ded34d15e78eb", "source": "ossf-package-analysis", "import_time": "2023-09-29T10:05:34.556252552Z" } ] }- References
-
- Credits
-
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / zenfi-sdk
Package
- Name
- zenfi-sdk
- View open source insights on deps.dev
- Purl
- pkg:npm/zenfi-sdk