MAL-2025-3943

Import Source

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-3943

Published

2025-02-23T05:58:50Z

Modified

2025-02-23T05:58:50Z

Summary

Malicious code in supera (npm)

Details

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain.

Database specific

{
    "malicious-packages-origins": null
}

References

Credits

- GitHax - Software Supply Chain Threat Intelligence - FINDER
- - https://githax.com

Affected packages

1.0.0

1.0.1