MAL-2024-1666

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/internal-udfc-pkg/MAL-2024-1666.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-1666

Published

2024-06-25T18:36:00Z

Modified

2024-06-25T21:05:11Z

Summary

Malicious code in internal-udfc-pkg (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (25708e4f5f0536339a12c9bf28e659c821359f2733ff51d193cd6d74443c3650)

The OpenSSF Package Analysis project identified 'internal-udfc-pkg' @ 5.5.5 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "25708e4f5f0536339a12c9bf28e659c821359f2733ff51d193cd6d74443c3650",
            "source": "ossf-package-analysis",
            "modified_time": "2024-06-25T18:36:00Z",
            "versions": [
                "5.5.5"
            ],
            "import_time": "2024-06-25T19:05:21.408518925Z"
        },
        {
            "sha256": "d2cfbcdf083976076ca37b32be3a91cb36b9c5b9c9beb602b6369964904c1bd2",
            "source": "ossf-package-analysis",
            "modified_time": "2024-06-25T18:48:12Z",
            "versions": [
                "5.5.6"
            ],
            "import_time": "2024-06-25T19:05:21.516360622Z"
        },
        {
            "sha256": "e8e8956fbe7f64d6c3879aa7a3030ba1b085299688dc1299834fff9e7801cef8",
            "source": "ossf-package-analysis",
            "modified_time": "2024-06-25T19:15:48Z",
            "versions": [
                "5.5.7"
            ],
            "import_time": "2024-06-25T19:33:49.532569063Z"
        },
        {
            "sha256": "43d2d51866ac43fb5a060de3316792c60a9d7fdfbcd996d2a52265c09cdee30b",
            "source": "ossf-package-analysis",
            "modified_time": "2024-06-25T20:48:40Z",
            "versions": [
                "5.5.8"
            ],
            "import_time": "2024-06-25T21:04:51.241443785Z"
        },
        {
            "sha256": "88838d46d17cc336ce7d54257ef86c0369f24f86d0bb6b1fc84464a62a06e2ed",
            "source": "ossf-package-analysis",
            "modified_time": "2024-06-25T20:44:42Z",
            "versions": [
                "5.5.9"
            ],
            "import_time": "2024-06-25T21:04:51.180012747Z"
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / internal-udfc-pkg

Package

Name: internal-udfc-pkg; View open source insights on deps.dev
Purl: pkg:npm/internal-udfc-pkg

Affected ranges

Affected versions

5.*

5.5.5

5.5.6

5.5.7

5.5.8

5.5.9

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/internal-udfc-pkg/MAL-2024-1666.json"