MAL-2024-11240

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@chia-networrk/api/MAL-2024-11240.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-11240

Published

2024-12-08T10:15:35Z

Modified

2024-12-10T09:36:44Z

Summary

Malicious code in @chia-networrk/api (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (e57e8b48f0fae6b5e322af51e72243fe9f9dd6b716bff260220806de46ae467f)

The OpenSSF Package Analysis project identified '@chia-networrk/api' @ 1.0.7 (npm) as malicious.

It is considered malicious because:

The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-12-08T10:32:15Z",
            "versions": [
                "1.0.14"
            ],
            "sha256": "1de3560ba1a73cb1c0dbdcda3a2077a5f516052e84208c0248779bd5bd682f1b",
            "source": "ossf-package-analysis",
            "import_time": "2024-12-08T10:37:14.545448769Z"
        },
        {
            "modified_time": "2024-12-08T10:36:45Z",
            "versions": [
                "1.0.15"
            ],
            "sha256": "9483ee52d6e90d7dcd8737060c8a7f554c0e6ba5bf95454442e699730dfdcc76",
            "source": "ossf-package-analysis",
            "import_time": "2024-12-08T10:37:14.623766608Z"
        },
        {
            "modified_time": "2024-12-08T10:21:06Z",
            "versions": [
                "1.0.10"
            ],
            "sha256": "d124eecf908c2e275201c0e3cce0f31506bd618d9eae4818ae37a0f36b3e57c8",
            "source": "ossf-package-analysis",
            "import_time": "2024-12-08T10:37:14.472975274Z"
        },
        {
            "modified_time": "2024-12-08T10:57:31Z",
            "versions": [
                "1.0.16"
            ],
            "sha256": "f6fcc8c0fa2dae895cd3f3043806bce1866ce3c21f3678a87946307f5ca96a6f",
            "source": "ossf-package-analysis",
            "import_time": "2024-12-08T11:04:58.956404944Z"
        },
        {
            "modified_time": "2024-12-08T10:15:35Z",
            "versions": [
                "1.0.7"
            ],
            "sha256": "e57e8b48f0fae6b5e322af51e72243fe9f9dd6b716bff260220806de46ae467f",
            "source": "ossf-package-analysis",
            "import_time": "2024-12-09T02:33:36.767941827Z"
        },
        {
            "modified_time": "2024-12-10T09:21:20Z",
            "versions": [
                "1.0.21"
            ],
            "sha256": "151d5afd1b4f5b146548f9f124b37408a7b75022f44535816f4f5d4539ac82ef",
            "source": "ossf-package-analysis",
            "import_time": "2024-12-10T09:36:20.849645286Z"
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / @chia-networrk/api

Package

Name: @chia-networrk/api; View open source insights on deps.dev
Purl: pkg:npm/%40chia-networrk/api

Affected ranges

Affected versions

1.*

1.0.7

1.0.10

1.0.14

1.0.15

1.0.16

1.0.21

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@chia-networrk/api/MAL-2024-11240.json"