MAL-2024-6568

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/alipay-dualfun/MAL-2024-6568.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-6568

Published

2024-06-25T13:47:52Z

Modified

2024-10-24T01:02:00Z

Summary

Malicious code in alipay-dualfun (RubyGems)

Details

-= Per source details. Do not edit below this line.=-

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "008ea7cf474594ceeadf6d181883f4b022f34ac42b0182e534a0857d3d6f12b1",
            "import_time": "2024-06-28T02:51:53.220818821Z",
            "versions": [
                "0.4"
            ],
            "id": "RLMA-2024-05374",
            "source": "reversing-labs",
            "modified_time": "2024-06-25T13:47:52Z"
        },
        {
            "sha256": "93fffbdb7091fc66076a3f89911a1cd9cea4745b9e8d67989dced02d39654656",
            "import_time": "2024-10-24T01:00:51.346803869Z",
            "id": "RLUA-2024-09893",
            "source": "reversing-labs",
            "modified_time": "2024-10-16T14:58:53Z"
        }
    ]
}

References

https://blog.reversinglabs.com/blog/mining-for-malicious-ruby-gems

Credits

- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

RubyGems / alipay-dualfun

Package

Name: alipay-dualfun
Purl: pkg:gem/alipay-dualfun

Affected ranges

Affected versions

0.*

0.4