MAL-2025-191590

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/szsec-infos-report-wh1sper/MAL-2025-191590.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191590
Published
2025-12-01T13:26:38Z
Modified
2025-12-02T21:59:13.886207Z
Summary
Malicious code in szsec-infos-report-wh1sper (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (b009d66a2dccfe829b9259191c35e451f8f0ff75d1041165f2faf49e8f5dbd16)

The package szsec-infos-report-wh1sper was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "id": "RLMA-2025-05956",
            "import_time": "2025-12-02T09:09:54.666077918Z",
            "modified_time": "2025-12-01T13:26:38Z",
            "sha256": "39b9a28f2490b30a62a2dc69e1981f97f5ca46fb7cc2d40d12af65e517d5a240",
            "versions": [
                "2.0.0",
                "2.0.1",
                "2.1.1",
                "3.0.1"
            ]
        },
        {
            "source": "amazon-inspector",
            "import_time": "2025-12-02T21:35:53.903222902Z",
            "sha256": "b009d66a2dccfe829b9259191c35e451f8f0ff75d1041165f2faf49e8f5dbd16",
            "modified_time": "2025-12-02T21:11:00Z",
            "versions": [
                "2.0.0",
                "2.0.1",
                "2.1.1",
                "3.0.1"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / szsec-infos-report-wh1sper

Package

Name
szsec-infos-report-wh1sper
View open source insights on deps.dev
Purl
pkg:npm/szsec-infos-report-wh1sper

Affected ranges

Affected versions

2.*
2.0.0
2.0.1
2.1.1
3.*
3.0.1

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/szsec-infos-report-wh1sper/MAL-2025-191590.json"