MAL-2024-3078

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/tangram/MAL-2024-3078.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-3078

Withdrawn

2024-07-01T05:55:00Z

Published

2024-06-25T12:23:08Z

Modified

2024-07-01T05:55:00Z

Summary

Malicious code in tangram (npm)

Details

False positive caused by problematic ingestion.

-= Per source details. Do not edit below this line.=-

Database specific

{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "id": "RLMA-2024-00225",
            "import_time": "2024-06-28T02:41:39.506568693Z",
            "modified_time": "2024-06-25T12:23:08Z",
            "versions": [
                "4.714.1",
                "1.711.1",
                "2.712.1",
                "8.817.1",
                "3.713.1",
                "7.717.1",
                "1.2.0-3e1",
                "5.715.1",
                "6.716.1"
            ],
            "sha256": "cc79e387945007acb910a3dd7c0a1c66df663040ce43964853d9a4b7d32223f0"
        }
    ]
}

References

Affected packages

npm / tangram

Package

Name: tangram; View open source insights on deps.dev
Purl: pkg:npm/tangram

Affected ranges

Affected versions

1.*

1.2.0-3e1

1.711.1

2.*

2.712.1

3.*

3.713.1

4.*

4.714.1

5.*

5.715.1

6.*

6.716.1

7.*

7.717.1

8.*

8.817.1

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/tangram/MAL-2024-3078.json"