MAL-2025-191978

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-cranberry-sleigh-853/MAL-2025-191978.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191978
Published
2025-12-03T13:55:27Z
Modified
2025-12-03T16:18:04.521219Z
Summary
Malicious code in elf-stats-cranberry-sleigh-853 (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (f85ae12d2f730c46ea2549c98a491f8ccccf2c8f7a484258398ce7dad89c137c)

The package elf-stats-cranberry-sleigh-853 was found to contain malicious code.

Source: ossf-package-analysis (8c2499eb605ed1cdd8896cb21357da72fa92cbb5d8b27048115bf63144046a39)

The OpenSSF Package Analysis project identified 'elf-stats-cranberry-sleigh-853' @ 1.0.2 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "8c2499eb605ed1cdd8896cb21357da72fa92cbb5d8b27048115bf63144046a39",
            "source": "ossf-package-analysis",
            "modified_time": "2025-12-03T13:55:27Z",
            "versions": [
                "1.0.2"
            ],
            "import_time": "2025-12-03T14:07:12.550440791Z"
        },
        {
            "sha256": "b83b68f1aa445b37c5553ec4dfec2c3b8c7db797107c3de58be00d113e890415",
            "source": "ossf-package-analysis",
            "modified_time": "2025-12-03T14:00:35Z",
            "versions": [
                "1.0.4"
            ],
            "import_time": "2025-12-03T14:07:12.649225217Z"
        },
        {
            "sha256": "41baeece254656637a6c933b4bd409505b354d6224093a5bd7a876f7ec55a91a",
            "source": "ossf-package-analysis",
            "modified_time": "2025-12-03T14:07:13Z",
            "versions": [
                "1.0.5"
            ],
            "import_time": "2025-12-03T14:40:59.402944303Z"
        },
        {
            "sha256": "fa623d9b7ae58a456182a2efb548398bd7e6e394eb9a9f245f7298bf9c0298a4",
            "source": "ossf-package-analysis",
            "modified_time": "2025-12-03T14:11:05Z",
            "versions": [
                "1.0.6"
            ],
            "import_time": "2025-12-03T14:40:59.556040833Z"
        },
        {
            "sha256": "f85ae12d2f730c46ea2549c98a491f8ccccf2c8f7a484258398ce7dad89c137c",
            "source": "amazon-inspector",
            "modified_time": "2025-12-03T15:59:29Z",
            "versions": [
                "1.0.1",
                "1.0.3",
                "1.0.2",
                "1.0.4",
                "1.0.5"
            ],
            "import_time": "2025-12-03T16:09:43.422884683Z"
        }
    ]
}
References
Credits

Affected packages

npm / elf-stats-cranberry-sleigh-853

Package

Name
elf-stats-cranberry-sleigh-853
View open source insights on deps.dev
Purl
pkg:npm/elf-stats-cranberry-sleigh-853

Affected ranges

Affected versions

1.*
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-cranberry-sleigh-853/MAL-2025-191978.json"