MAL-2024-4677

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/nuget/tessa.compilations/MAL-2024-4677.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-4677

Published

2024-06-25T13:31:32Z

Modified

2024-10-24T01:01:57Z

Summary

Malicious code in Tessa.Compilations (NuGet)

Details

-= Per source details. Do not edit below this line.=-

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "026f921875d08965e0fe179f8cef4da637547738a95b6dbb28d282b8195869e5",
            "import_time": "2024-06-28T02:48:06.242944226Z",
            "versions": [
                "3.4.0"
            ],
            "id": "RLMA-2024-03461",
            "source": "reversing-labs",
            "modified_time": "2024-06-25T13:31:32Z"
        },
        {
            "sha256": "dca14f124582eb2e7d00687026f85c732e34dec03485da59b26305975ea95d85",
            "import_time": "2024-10-24T00:58:42.502415413Z",
            "id": "RLUA-2024-07742",
            "source": "reversing-labs",
            "modified_time": "2024-10-16T13:48:40Z"
        }
    ]
}

References

https://www.reversinglabs.com/blog/iamreboot-malicious-nuget-packages-exploit-msbuild-loophole

Credits

- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

NuGet / Tessa.Compilations

Package

Name: Tessa.Compilations; View open source insights on deps.dev
Purl: pkg:nuget/Tessa.Compilations

Affected ranges

Affected versions

3.*

3.4.0