MAL-2025-48352

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@igh/server-updater-ssh-l2/MAL-2025-48352.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-48352
Published
2025-10-04T01:46:51Z
Modified
2025-10-04T01:46:51Z
Summary
Malicious code in @igh/server-updater-ssh-l2 (npm)
Details

The package contains malicious code.

Database specific 
{
    "malicious-packages-origins": null
}
References
Credits

Affected packages

npm / @igh/server-updater-ssh-l2

Package

Name
@igh/server-updater-ssh-l2
View open source insights on deps.dev
Purl
pkg:npm/%40igh/server-updater-ssh-l2

Affected ranges

Affected versions

1.*
1.2.18

Database specific

cwes 
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@igh/server-updater-ssh-l2/MAL-2025-48352.json"