MAL-2025-3424

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/user-journey-tracker/MAL-2025-3424.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-3424

Published

2025-04-23T16:04:24Z

Modified

2025-04-23T16:04:24Z

Summary

Malicious code in user-journey-tracker (npm)

Details

-= Per source details. Do not edit below this line.=-

Database specific

{
    "malicious-packages-origins": [
        {
            "id": "RLMA-2025-02455",
            "import_time": "2025-04-25T09:36:42.542095144Z",
            "sha256": "c0b8aa6ef83c8e24f24960b8de5c19f03c3e20f07b7f06d6c787743e087f4724",
            "source": "reversing-labs",
            "modified_time": "2025-04-23T16:04:24Z",
            "versions": [
                "1.0.0",
                "1.9.9",
                "2.9.9",
                "3.9.9",
                "4.9.9",
                "5.9.9",
                "6.9.9",
                "7.9.9",
                "8.9.9",
                "9.9.9",
                "10.9.9",
                "11.9.9",
                "12.9.9",
                "13.9.9",
                "14.9.9",
                "15.9.9",
                "16.9.9"
            ]
        }
    ]
}

References

Credits

- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / user-journey-tracker

Package

Name: user-journey-tracker; View open source insights on deps.dev
Purl: pkg:npm/user-journey-tracker

Affected ranges

Affected versions

1.*

1.0.0

1.9.9

2.*

2.9.9

3.*

3.9.9

4.*

4.9.9

5.*

5.9.9

6.*

6.9.9

7.*

7.9.9

8.*

8.9.9

9.*

9.9.9

10.*

10.9.9

11.*

11.9.9

12.*

12.9.9

13.*

13.9.9

14.*

14.9.9

15.*

15.9.9

16.*

16.9.9

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/user-journey-tracker/MAL-2025-3424.json"