MAL-2024-7873

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/md-progress-circular/MAL-2024-7873.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-7873

Published

2024-08-01T12:34:03Z

Modified

2024-08-01T15:05:27Z

Summary

Malicious code in md-progress-circular (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (8452da64b993f8adad40197107a47602421aecb7bc71f7b4fae5560a8429552e)

The OpenSSF Package Analysis project identified 'md-progress-circular' @ 100000.0.0 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

Database specific

{
    "malicious-packages-origins": [
        {
            "versions": [
                "1337.0.0"
            ],
            "modified_time": "2024-08-01T12:34:03Z",
            "source": "ossf-package-analysis",
            "sha256": "5b83609f693abfd4d17868ae78f9075ba45f6d5dd8cfddad6685fd92b5063989",
            "import_time": "2024-08-01T12:43:40.011402471Z"
        },
        {
            "versions": [
                "40000.0.0"
            ],
            "modified_time": "2024-08-01T13:10:45Z",
            "source": "ossf-package-analysis",
            "sha256": "ac59b96d2cdd1f4ded67b9c7eddd13531e6b6646cfcd1859b87c693d9d8e3d89",
            "import_time": "2024-08-01T13:33:45.244290455Z"
        },
        {
            "versions": [
                "50000.0.0"
            ],
            "modified_time": "2024-08-01T13:52:22Z",
            "source": "ossf-package-analysis",
            "sha256": "e65c37ed25e6e363e944d19c07e8e229a4d046a1a1db0bc75096a105a4132f2a",
            "import_time": "2024-08-01T14:05:11.073244911Z"
        },
        {
            "versions": [
                "1338.0.0"
            ],
            "modified_time": "2024-08-01T14:18:21Z",
            "source": "ossf-package-analysis",
            "sha256": "4a1132724353148272828aab776d86c23abc616a95223a25cd8c20e0dc85a501",
            "import_time": "2024-08-01T14:34:30.431513911Z"
        },
        {
            "versions": [
                "80000.0.0"
            ],
            "modified_time": "2024-08-01T14:13:10Z",
            "source": "ossf-package-analysis",
            "sha256": "b0a6368b5a9358348153aac569ae5b949fc9949784a2a47d31e3a80729af3f60",
            "import_time": "2024-08-01T14:34:30.305167286Z"
        },
        {
            "versions": [
                "100000.0.0"
            ],
            "modified_time": "2024-08-01T15:00:22Z",
            "source": "ossf-package-analysis",
            "sha256": "8452da64b993f8adad40197107a47602421aecb7bc71f7b4fae5560a8429552e",
            "import_time": "2024-08-01T15:05:04.027600924Z"
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / md-progress-circular

Package

Name: md-progress-circular; View open source insights on deps.dev
Purl: pkg:npm/md-progress-circular

Affected ranges

Affected versions

1337.*

1337.0.0

1338.*

1338.0.0

40000.*

40000.0.0

50000.*

50000.0.0

80000.*

80000.0.0

100000.*

100000.0.0