MAL-2024-9212

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@copilot-web-widgets/common-core-sdk/MAL-2024-9212.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-9212
Published
2024-10-10T19:10:44Z
Modified
2024-10-15T00:21:39Z
Summary
Malicious code in @copilot-web-widgets/common-core-sdk (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (148c6b43da3f4ec787aa611cf721a390eab6918627604a9405d817955e2c472b)

The OpenSSF Package Analysis project identified '@copilot-web-widgets/common-core-sdk' @ 1.11.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-10-10T19:30:42Z",
            "import_time": "2024-10-10T19:34:07.697557577Z",
            "versions": [
                "1.11.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "148c6b43da3f4ec787aa611cf721a390eab6918627604a9405d817955e2c472b"
        },
        {
            "modified_time": "2024-10-10T19:26:01Z",
            "import_time": "2024-10-10T19:34:07.373752191Z",
            "versions": [
                "1.9.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "81653dc6a94d3adb06c07aaf51b83989a9b6ae1db16cd0fe87413127a34caa96"
        },
        {
            "modified_time": "2024-10-10T19:15:51Z",
            "import_time": "2024-10-10T19:34:07.224791217Z",
            "versions": [
                "1.6.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "be08d5a3382b1889f180635b68473897791ec9aeb242282c49f10f62d9f3b103"
        },
        {
            "modified_time": "2024-10-10T19:29:24Z",
            "import_time": "2024-10-10T19:34:07.528246351Z",
            "versions": [
                "1.10.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "edd12a76954bdf4d384fcbac03c028e7c9015ab86c3ef401a42d0cfc49fd6b32"
        },
        {
            "modified_time": "2024-10-10T19:10:44Z",
            "import_time": "2024-10-11T04:06:21.050231712Z",
            "versions": [
                "1.3.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "678e7b3f59c0c1d82a5af9599521720ef44381310b3d7707a976bc93766604a6"
        },
        {
            "modified_time": "2024-10-10T22:24:25Z",
            "import_time": "2024-10-11T04:06:21.494402401Z",
            "versions": [
                "1.20.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "6d138092302b52c43f1bd5800431fbcdf3d5e6514b1647a62e0c82608b788452"
        },
        {
            "modified_time": "2024-10-11T19:03:41Z",
            "import_time": "2024-10-15T00:21:15.650790412Z",
            "versions": [
                "2.100.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "31e26f17afbdfc84085afef35b1649df402571934631aa1bea20c1beca68029f"
        }
    ]
}

Affected packages

npm / @copilot-web-widgets/common-core-sdk

Package

Name
@copilot-web-widgets/common-core-sdk
Purl
pkg:npm/%40copilot-web-widgets/common-core-sdk

Affected ranges

Affected versions

1.*
1.3.0
1.6.0
1.9.0
1.10.0
1.11.0
1.20.0
2.*
2.100.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@copilot-web-widgets/common-core-sdk/MAL-2024-9212.json"