MAL-2024-7791

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/next-react-notify/MAL-2024-7791.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-7791

Published

2024-07-22T16:29:34Z

Modified

2024-07-22T16:29:34Z

Summary

Malicious code in next-react-notify (npm)

Details

The package executes multiple malicious commands to download and execute further payloads. The tactics used are characteristic of an ongoing North Korean campaign.

Database specific

{
    "malicious-packages-origins": null
}

References

Credits

- Stacklok: trustypkg.dev - FINDER
- - https://discord.com/invite/RkzVuTp3WK

Affected packages

npm / next-react-notify

Package

Name: next-react-notify; View open source insights on deps.dev
Purl: pkg:npm/next-react-notify

Affected ranges

Affected versions

1.*

1.0.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/next-react-notify/MAL-2024-7791.json"