MAL-2024-1199

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/bugsnagmw/MAL-2024-1199.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-1199

Published

2024-03-31T14:28:23Z

Modified

2024-03-31T14:28:23Z

Summary

Malicious code in bugsnagmw (npm)

Details

The package bugsnagmw (npm) version 1.0.3 contains malicious code. The code was obfuscated to avoid detection. The malicious code is designed to steal sensitive information from the user's environment and send it to a remote server. See https://stacklok.com/blog/analysis-of-an-obfuscated-code-attack-on-npms-package-registry for more details.

References

Credits

- Stacklok: trustypkg.dev - FINDER
- - https://discord.com/invite/RkzVuTp3WK

Affected packages

npm / bugsnagmw

Package

Name: bugsnagmw; View open source insights on deps.dev
Purl: pkg:npm/bugsnagmw

Affected ranges

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3