MAL-2023-8775

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ngx-ndbx/MAL-2023-8775.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2023-8775
Published
2023-12-31T03:12:00Z
Modified
2023-12-31T04:34:10Z
Summary
Malicious code in ngx-ndbx (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (b85b4ba8a7146a1450ff0a1cc8b119bda90a838d67b93d8ad4f080551bfe002e)

The OpenSSF Package Analysis project identified 'ngx-ndbx' @ 18.0.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "69327ffe5f569210e2a99438109d60188c4d70def3c3d203def4d49c2ea68144",
            "versions": [
                "1.0.0"
            ],
            "import_time": "2023-12-31T03:33:50.191471025Z",
            "modified_time": "2023-12-31T03:12:00Z",
            "source": "ossf-package-analysis"
        },
        {
            "sha256": "b85b4ba8a7146a1450ff0a1cc8b119bda90a838d67b93d8ad4f080551bfe002e",
            "versions": [
                "18.0.0"
            ],
            "import_time": "2023-12-31T04:33:55.570061712Z",
            "modified_time": "2023-12-31T04:19:30Z",
            "source": "ossf-package-analysis"
        }
    ]
}
References
Credits

Affected packages

npm / ngx-ndbx

Package

Affected ranges

Affected versions

1.*
1.0.0
18.*
18.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ngx-ndbx/MAL-2023-8775.json"