MAL-2024-7420

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@fake-registry/b/MAL-2024-7420.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-7420
Published
2024-07-06T11:24:20Z
Modified
2024-07-06T12:06:59Z
Summary
Malicious code in @fake-registry/b (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (47be0b354748c2d14abc42bdd335e4da22324a65c300d85b0fe522705c8e0661)

The OpenSSF Package Analysis project identified '@fake-registry/b' @ 4.0.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "4.0.0"
            ],
            "import_time": "2024-07-06T11:34:41.447465422Z",
            "modified_time": "2024-07-06T11:24:20Z",
            "sha256": "47be0b354748c2d14abc42bdd335e4da22324a65c300d85b0fe522705c8e0661",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "1.0.1"
            ],
            "import_time": "2024-07-06T12:06:36.038935231Z",
            "modified_time": "2024-07-06T11:57:46Z",
            "sha256": "eb8f893b1ada1d0d9e9d91982a737e0eb6f0048608752305cb6fc72245d11c13",
            "source": "ossf-package-analysis"
        }
    ]
}
References
Credits

Affected packages

npm / @fake-registry/b

Package

Name
@fake-registry/b
View open source insights on deps.dev
Purl
pkg:npm/%40fake-registry/b

Affected ranges

Affected versions

1.*
1.0.1
4.*
4.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@fake-registry/b/MAL-2024-7420.json"