MAL-2024-10301
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@lottiefiles/lottie-player/MAL-2024-10301.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2024-10301
- Published
- 2024-10-31T23:17:47Z
- Modified
- 2024-10-31T23:17:47Z
- Summary
- Malicious code in @lottiefiles/lottie-player (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: google-open-source-security (faa879b0fa360852899250846599b4b81d442b942d5e4fec4101044400272af1)
The NPM package @lottiefiles/lottie-player had unauthorized new versions published that contained malicious code.
The malicious code prompted for users to connect crypto wallets.
- References
Affected packages
npm / @lottiefiles/lottie-player
Package
- Name
- @lottiefiles/lottie-player
- View open source insights on deps.dev
- Purl
- pkg:npm/%40lottiefiles/lottie-player