MAL-2024-6578

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/aliyun-sls/MAL-2024-6578.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-6578
Aliases
  • GHSA-r26f-v647-xrvx
Published
2024-06-25T13:47:57Z
Modified
2026-07-18T11:04:38.769445351Z
Summary
Malicious code in aliyun-sls (RubyGems)
Details

-= Per source details. Do not edit below this line.=-

## Source: ghsa-malware (c1bee01281e9fe2c0a174ce19e38c2d6fac231f2f19d51e47e7c102dee2e0931)

Credit: OpenSSF (source)

Database specific
{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "sha256": "3b6f800be517359658c7ebd768eb5ef1af74591bb769a149c5cd437a0ad4b230",
            "import_time": "2024-06-28T02:51:54.428684272Z",
            "modified_time": "2024-06-25T13:47:57Z",
            "id": "RLMA-2024-05384",
            "versions": [
                "0.0.7"
            ]
        },
        {
            "sha256": "9fbf742044f5d72f4aa0ada2d14d007b8803f10be1ac622602cfc15e3d5d549c",
            "modified_time": "2024-10-16T14:59:02Z",
            "import_time": "2024-10-24T01:00:52.004530019Z",
            "source": "reversing-labs",
            "id": "RLUA-2024-09903"
        },
        {
            "source": "ghsa-malware",
            "sha256": "c1bee01281e9fe2c0a174ce19e38c2d6fac231f2f19d51e47e7c102dee2e0931",
            "import_time": "2026-07-18T10:46:31.361117602Z",
            "modified_time": "2026-07-18T01:56:57Z",
            "id": "GHSA-r26f-v647-xrvx",
            "versions": [
                "0.0.7"
            ]
        }
    ]
}
References
Credits

Affected packages

RubyGems / aliyun-sls

Package

Name
aliyun-sls
Purl
pkg:gem/aliyun-sls

Affected ranges

Affected versions

0.*
0.0.7

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/aliyun-sls/MAL-2024-6578.json"