MAL-2024-11766

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@wf-ceo/utilities/MAL-2024-11766.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-11766
Published
2024-12-09T23:05:50Z
Modified
2024-12-11T00:50:10Z
Summary
Malicious code in @wf-ceo/utilities (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (8261116de5f2cadd69a24af2cc71757e20ac5fc4232e231b4ba2eebee2333eb6)

The OpenSSF Package Analysis project identified '@wf-ceo/utilities' @ 67.6.7 (npm) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.
Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-12-10T09:09:24Z",
            "import_time": "2024-12-11T00:49:36.50530321Z",
            "versions": [
                "67.6.7"
            ],
            "source": "ossf-package-analysis",
            "sha256": "8261116de5f2cadd69a24af2cc71757e20ac5fc4232e231b4ba2eebee2333eb6"
        },
        {
            "modified_time": "2024-12-09T23:05:50Z",
            "import_time": "2024-12-11T00:49:36.164578546Z",
            "versions": [
                "67.6.6"
            ],
            "source": "ossf-package-analysis",
            "sha256": "af85498a0b9ef0767a5b115133762a020b146b495b370116d1d09a1188d967d0"
        },
        {
            "modified_time": "2024-12-10T09:47:52Z",
            "import_time": "2024-12-11T00:49:36.754359688Z",
            "versions": [
                "3.0.55"
            ],
            "source": "ossf-package-analysis",
            "sha256": "afe8654c3fd7157b409e78d97a63cb7bd215ad6f09f810e56e9c1e1fb3a2b8d7"
        }
    ]
}
References
Credits

Affected packages

npm / @wf-ceo/utilities

Package

Name
@wf-ceo/utilities
View open source insights on deps.dev
Purl
pkg:npm/%40wf-ceo/utilities

Affected ranges

Affected versions

3.*

3.0.55

67.*

67.6.6
67.6.7