MAL-2024-10221

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/johnny_five/MAL-2024-10221.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-10221
Aliases
  • GHSA-833j-vqwv-ch5m
Published
2024-10-16T15:03:54Z
Modified
2026-07-18T11:04:23.751837995Z
Summary
Malicious code in johnny_five (RubyGems)
Details

-= Per source details. Do not edit below this line.=-

## Source: ghsa-malware (b09675de3cefaf2b5f411776842c29ab1db04a7c30bc4081994cebd240a960fe)

Credit: OpenSSF (source)

Database specific
{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "sha256": "6ba9da2aa8f85947a7aa1ceca4552388a358ea653ab8e2a00e4b9672b3091aec",
            "import_time": "2024-10-24T00:57:12.951120271Z",
            "modified_time": "2024-10-16T15:03:54Z",
            "id": "RLMA-2024-10277",
            "versions": [
                "0.8.0",
                "0.9.4",
                "1.0.0",
                "1.0.9",
                "1.1.0",
                "1.1.0.1",
                "1.1.1",
                "1.2.0",
                "1.2.1",
                "1.98.0",
                "1.99.0",
                "9.0.0",
                "9.1.0",
                "9.1.1"
            ]
        },
        {
            "sha256": "da15e05b0a1012fae25629e943a3d6d4b6288edf237dbc6bce1ce31a9299e19b",
            "import_time": "2024-12-09T14:38:53.957017496Z",
            "modified_time": "2024-12-09T06:51:33Z",
            "source": "reversing-labs",
            "id": "RLUA-2024-11215"
        },
        {
            "id": "GHSA-833j-vqwv-ch5m",
            "sha256": "b09675de3cefaf2b5f411776842c29ab1db04a7c30bc4081994cebd240a960fe",
            "modified_time": "2026-07-18T01:57:24Z",
            "versions": [
                "9.1.1",
                "9.1.0",
                "9.0.0",
                "1.99.0",
                "1.98.0",
                "1.2.1",
                "1.2.0",
                "1.1.1",
                "1.1.0.1",
                "1.1.0",
                "1.0.9",
                "1.0.0",
                "0.9.4",
                "0.8.0"
            ],
            "source": "ghsa-malware",
            "import_time": "2026-07-18T10:46:29.55024169Z"
        }
    ]
}
References
Credits

Affected packages

RubyGems / johnny_five

Package

Name
johnny_five
Purl
pkg:gem/johnny_five

Affected ranges

Affected versions

0.*
0.8.0
0.9.4
1.*
1.0.0
1.0.9
1.1.0
1.1.0.1
1.1.1
1.2.0
1.2.1
1.98.0
1.99.0
9.*
9.0.0
9.1.0
9.1.1

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/johnny_five/MAL-2024-10221.json"