MAL-2024-7834

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/melio-platform-api-client/MAL-2024-7834.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-7834
Published
2024-07-28T23:15:41Z
Modified
2024-10-24T01:02:00Z
Summary
Malicious code in melio-platform-api-client (RubyGems)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (cb4e0efafa3bf0645819f2aa88cfdc7778f938470c0984afc5e1f1504df982aa)

The OpenSSF Package Analysis project identified 'melio-platform-api-client' @ 5.0.0 (rubygems) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "cb4e0efafa3bf0645819f2aa88cfdc7778f938470c0984afc5e1f1504df982aa",
            "import_time": "2024-07-28T23:33:52.252012045Z",
            "versions": [
                "5.0.0"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-07-28T23:15:41Z"
        },
        {
            "sha256": "3a2b123e03a1e782c385419aff070781610593da7fef94b4d548673d591615cd",
            "import_time": "2024-10-24T00:57:13.045934193Z",
            "versions": [
                "3.0.1",
                "3.1.1",
                "3.1.2",
                "3.1.4",
                "4.4.4",
                "4.4.5",
                "4.4.6",
                "5.0.0",
                "5.0.1"
            ],
            "id": "RLMA-2024-10315",
            "source": "reversing-labs",
            "modified_time": "2024-10-16T15:04:22Z"
        }
    ]
}

Affected packages

RubyGems / melio-platform-api-client

Package

Name
melio-platform-api-client
Purl
pkg:gem/melio-platform-api-client

Affected ranges

Affected versions

3.*

3.0.1
3.1.1
3.1.2
3.1.4

4.*

4.4.4
4.4.5
4.4.6

5.*

5.0.0
5.0.1