Vulnerability Database
Blog
FAQ
Docs
MAL-2024-10284
See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/bloxupgrade/MAL-2024-10284.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-10284
Published
2024-10-30T16:04:19Z
Modified
2024-10-30T16:04:19Z
Summary
Malicious code in bloxupgrade (npm)
Details
The package contains code to download and execute an infostealer payload.
References
Credits
Stacklok: trustypkg.dev - FINDER
https://discord.com/invite/RkzVuTp3WK
Affected packages
npm
/
bloxupgrade
Package
Name
bloxupgrade
View open source insights on deps.dev
Purl
pkg:npm/bloxupgrade
Affected ranges
Affected versions
1.*
1.0.0
MAL-2024-10284 - OSV