MAL-2024-984

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/prism-commercial-ui/MAL-2024-984.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-984

Published

2024-02-09T05:55:39Z

Modified

2024-02-10T19:04:36Z

Summary

Malicious code in prism-commercial-ui (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (022a3875aaf0406fa69c720352856a350f48f0b350caf1e5bb66717663d7a078)

The OpenSSF Package Analysis project identified 'prism-commercial-ui' @ 100.100.100 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "022a3875aaf0406fa69c720352856a350f48f0b350caf1e5bb66717663d7a078",
            "import_time": "2024-02-09T06:04:58.79079466Z",
            "versions": [
                "100.100.100"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-09T05:55:39Z"
        },
        {
            "sha256": "5caeb9a46735e7fa74b20e9646a9363fecfaa68245c478718eef4c283b628ecf",
            "import_time": "2024-02-09T06:33:13.024192297Z",
            "versions": [
                "100.100.103"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-09T06:30:51Z"
        },
        {
            "sha256": "e27564ccf1e18fbbbd80796d9bfc14a868804b4014ef968e9b344ef0ff1965e9",
            "import_time": "2024-02-09T06:33:12.931883239Z",
            "versions": [
                "100.100.102"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-09T06:10:44Z"
        },
        {
            "sha256": "29397e6aa78d5fa17b88a2a00ba30c7c7578f8c84db3089debb4fd14b9c0dc19",
            "import_time": "2024-02-10T16:05:03.533961352Z",
            "versions": [
                "100.100.109"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-10T15:46:44Z"
        },
        {
            "sha256": "70450cb60199cc965fb4fee18004891f020155923eacad89c52148363c0c7c5d",
            "import_time": "2024-02-10T16:05:03.607367493Z",
            "versions": [
                "100.100.114"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-10T16:02:13Z"
        },
        {
            "sha256": "840b2083681c8091779dd3cc52fafb773e26a1ab1f7f00d4804ea56c396d1cbc",
            "import_time": "2024-02-10T16:05:03.695067079Z",
            "versions": [
                "100.100.113"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-10T16:02:44Z"
        },
        {
            "sha256": "ba2713f3ab57d33d564a9a135a100c86283006c3f4fe48b89389194db31a03f0",
            "import_time": "2024-02-10T16:33:42.269864127Z",
            "versions": [
                "100.100.116"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-10T16:22:16Z"
        },
        {
            "sha256": "2f79a09c1c454df18e21caab4acebdd28f3658a020fb96bb67b4fcd908002c1a",
            "import_time": "2024-02-10T17:04:46.850915379Z",
            "versions": [
                "100.100.117"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-10T16:34:01Z"
        },
        {
            "sha256": "77f3eba44fe0476babc7b6b726e095d75838f6493eb0377ad67fb391157ce890",
            "import_time": "2024-02-10T17:04:46.930060028Z",
            "versions": [
                "100.100.118"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-10T16:54:58Z"
        },
        {
            "sha256": "83bac9ccab9e56b1dc992ea5c306fdffc7f0053d80f7aa46f5e761a78a44ebd4",
            "import_time": "2024-02-10T17:33:25.573564237Z",
            "versions": [
                "100.100.119"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-10T17:10:40Z"
        },
        {
            "sha256": "56819234e88488640a741291dc9458c02c8c923750487bf07809579727a460b3",
            "import_time": "2024-02-10T18:33:44.441535662Z",
            "versions": [
                "100.100.123"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-10T18:24:34Z"
        },
        {
            "sha256": "d6af70cdbf87a78819c966ed1af3a1805d0c6e613b2dcbcab59f500ba7c21525",
            "import_time": "2024-02-10T18:33:44.529019488Z",
            "versions": [
                "100.100.124"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-10T18:28:08Z"
        },
        {
            "sha256": "12e2136d417ea588a7cf7962aa8449f26be99d0b9400a69c3f051f214c2f2472",
            "import_time": "2024-02-10T19:04:15.422634002Z",
            "versions": [
                "100.100.120"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2024-02-10T18:53:02Z"
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / prism-commercial-ui

Package

Name: prism-commercial-ui; View open source insights on deps.dev
Purl: pkg:npm/prism-commercial-ui

Affected ranges

Affected versions

100.*

100.100.100

100.100.102

100.100.103

100.100.109

100.100.113

100.100.114

100.100.116

100.100.117

100.100.118

100.100.119

100.100.120

100.100.123

100.100.124