MAL-2025-46900

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/delorean_client/MAL-2025-46900.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-46900
Published
2025-09-01T09:47:27Z
Modified
2025-09-01T09:47:27Z
Summary
Malicious code in delorean_client (RubyGems)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (91b594e6698684765fbf40d5f103e207d5e6166eeafd80ba5690100cab008a4c)

The OpenSSF Package Analysis project identified 'delorean_client' @ 0.4.0.r09ee7b0 (rubygems) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.
Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "91b594e6698684765fbf40d5f103e207d5e6166eeafd80ba5690100cab008a4c",
            "source": "ossf-package-analysis",
            "modified_time": "2025-09-01T09:47:27Z",
            "versions": [
                "0.4.0.r09ee7b0"
            ],
            "import_time": "2025-09-08T03:43:51.101715617Z"
        }
    ]
}
References
Credits

Affected packages

RubyGems / delorean_client

Package

Name
delorean_client
Purl
pkg:gem/delorean_client

Affected ranges

Affected versions

0.*
0.4.0.r09ee7b0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/delorean_client/MAL-2025-46900.json"