MAL-2025-1676

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/zohodeskportalsdksampleappsreactnative/MAL-2025-1676.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-1676

Published

2025-03-03T10:00:59Z

Modified

2025-07-08T12:10:52Z

Summary

Malicious code in zohodeskportalsdksampleappsreactnative (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (46d46cb1be5475917e2e2ec917b43cb05d3a0382d2fc6b288f7fc02089399be5)

The OpenSSF Package Analysis project identified 'zohodeskportalsdksampleappsreactnative' @ 5.1.0 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "import_time": "2025-03-03T10:06:31.610027262Z",
            "sha256": "46d46cb1be5475917e2e2ec917b43cb05d3a0382d2fc6b288f7fc02089399be5",
            "source": "ossf-package-analysis",
            "modified_time": "2025-03-03T10:00:59Z",
            "versions": [
                "5.1.0"
            ]
        },
        {
            "id": "RLMA-2025-01921",
            "import_time": "2025-03-31T07:07:04.067268273Z",
            "sha256": "2b51cf774582625926f6a47c82df2ab73045ffb0379269992538315f8443b0fc",
            "source": "reversing-labs",
            "modified_time": "2025-03-28T13:05:06Z",
            "versions": [
                "1.1.0",
                "2.1.0",
                "3.1.0",
                "5.1.0",
                "5.2.0",
                "5.5.0",
                "9.0.0"
            ]
        },
        {
            "import_time": "2025-07-07T15:37:53.26400288Z",
            "sha256": "203da67f89175efa0ac1415af767a1dc79a2ab8ec8f1a94c0c829825133f8712",
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-07T15:15:58Z",
            "versions": [
                "3.3.3"
            ]
        },
        {
            "import_time": "2025-07-08T09:07:51.39878993Z",
            "sha256": "9b950f96644f755bb74dc9158bc441d3beab3b077ef11c8439c4674d22bd4234",
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-08T08:42:15Z",
            "versions": [
                "5.5.5"
            ]
        },
        {
            "import_time": "2025-07-08T12:10:30.564516131Z",
            "sha256": "a758a2538aece967a043ea305d686f9e5ba7c100b88924e131a380e5be1a7832",
            "source": "ossf-package-analysis",
            "modified_time": "2025-07-08T11:58:37Z",
            "versions": [
                "7.7.7"
            ]
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / zohodeskportalsdksampleappsreactnative

Package

Name: zohodeskportalsdksampleappsreactnative; View open source insights on deps.dev
Purl: pkg:npm/zohodeskportalsdksampleappsreactnative

Affected ranges

Affected versions

1.*

1.1.0

2.*

2.1.0

3.*

3.1.0

3.3.3

5.*

5.1.0

5.2.0

5.5.0

5.5.5

7.*

7.7.7

9.*

9.0.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/zohodeskportalsdksampleappsreactnative/MAL-2025-1676.json"