MAL-2024-6789

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/bosh-lastpass_plugin/MAL-2024-6789.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-6789
Aliases
  • GHSA-mr3r-mhpq-jwg5
Published
2024-06-25T13:49:52Z
Modified
2026-07-18T11:04:06.644983142Z
Summary
Malicious code in bosh-lastpass_plugin (RubyGems)
Details

-= Per source details. Do not edit below this line.=-

## Source: ghsa-malware (20a754b27a98f30706b29aa8b4f39d7c35099a0ea2cbcb52242b21a018aba836)

Credit: OpenSSF (source)

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2024-06-28T02:52:19.493022994Z",
            "sha256": "8de73238369d1fce897ae90742fa8bb0c3f13fc82b8cb546539490c366f40599",
            "modified_time": "2024-06-25T13:49:52Z",
            "versions": [
                "0.0.4"
            ],
            "id": "RLMA-2024-05595",
            "source": "reversing-labs"
        },
        {
            "sha256": "f62d8c9483a2e71da38b8d4fa7d2e872592654272183da736bff38058f37bef5",
            "modified_time": "2024-10-16T15:01:48Z",
            "import_time": "2024-10-24T01:01:07.53092023Z",
            "id": "RLUA-2024-10114",
            "source": "reversing-labs"
        },
        {
            "id": "GHSA-mr3r-mhpq-jwg5",
            "sha256": "20a754b27a98f30706b29aa8b4f39d7c35099a0ea2cbcb52242b21a018aba836",
            "modified_time": "2026-07-18T01:57:10Z",
            "versions": [
                "0.0.4"
            ],
            "source": "ghsa-malware",
            "import_time": "2026-07-18T10:46:30.950789044Z"
        }
    ]
}
References
Credits

Affected packages

RubyGems / bosh-lastpass_plugin

Package

Name
bosh-lastpass_plugin
Purl
pkg:gem/bosh-lastpass_plugin

Affected ranges

Affected versions

0.*
0.0.4

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/bosh-lastpass_plugin/MAL-2024-6789.json"