MAL-2025-1546

Import Source

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-1546

Published

2025-02-23T05:16:15Z

Modified

2025-02-23T05:16:15Z

Summary

Malicious code in tstfde54545 (npm)

Details

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain.

Database specific

{
    "malicious-packages-origins": null
}

References

Credits

- GitHax - Software Supply Chain Threat Intelligence - FINDER
- - https://githax.com

Affected packages

1.*

1.0.0

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/tstfde54545/MAL-2025-1546.json"