MAL-2024-6461

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/activemodel-can-validator/MAL-2024-6461.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-6461

Published

2024-06-25T13:46:47Z

Modified

2024-10-24T01:02:00Z

Summary

Malicious code in activemodel-can-validator (RubyGems)

Details

-= Per source details. Do not edit below this line.=-

Database specific

{
    "malicious-packages-origins": [
        {
            "import_time": "2024-06-28T02:51:40.341700031Z",
            "modified_time": "2024-06-25T13:46:47Z",
            "source": "reversing-labs",
            "versions": [
                "0.0.2"
            ],
            "sha256": "5711553525d6f94f63b61992fccfb5fc14dd49eb2ece1f710d29b32583852e23",
            "id": "RLMA-2024-05267"
        },
        {
            "import_time": "2024-10-24T01:00:43.645799859Z",
            "modified_time": "2024-10-16T14:57:29Z",
            "source": "reversing-labs",
            "sha256": "73e5338775001ae0e9850ac6a6cfca7910200ef21377ed1d26ce65875e6ec785",
            "id": "RLUA-2024-09786"
        }
    ]
}

References

https://blog.reversinglabs.com/blog/mining-for-malicious-ruby-gems

Credits

- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

RubyGems / activemodel-can-validator

Package

Name: activemodel-can-validator
Purl: pkg:gem/activemodel-can-validator

Affected ranges

Affected versions

0.*

0.0.2

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/activemodel-can-validator/MAL-2024-6461.json"