MAL-2025-5211

Import Source: https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cro-pricing/MAL-2025-5211.json
JSON Data: https://api.osv.dev/v1/vulns/MAL-2025-5211
Published: 2025-06-21T00:59:44Z
Modified: 2025-06-21T02:35:21Z
Summary: Malicious code in cro-pricing (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (ad3153abfc5098f205551190f8a491deda5c4b47c00a18ed66800ef238c6b78d)

The OpenSSF Package Analysis project identified 'cro-pricing' @ 1.0.8 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "4900ac11d76b67823e8cf4eebc80801199ba012deb8cbca0ef6c5f6be14f5a7c",
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.3"
            ],
            "modified_time": "2025-06-21T00:59:44Z",
            "import_time": "2025-06-21T01:33:23.350422895Z"
        },
        {
            "sha256": "7bd2cd1609d710658a47c1dcd37bc6f2b329d8704a360dc8442cf5a0d1062a9f",
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.4"
            ],
            "modified_time": "2025-06-21T01:11:36Z",
            "import_time": "2025-06-21T01:33:23.651288142Z"
        },
        {
            "sha256": "c8c4724ad20672235580ec4abe9c103ec7ecdf2f328ea5c283e8e0efd54ad9ff",
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.5"
            ],
            "modified_time": "2025-06-21T01:20:55Z",
            "import_time": "2025-06-21T01:33:23.920376013Z"
        },
        {
            "sha256": "ad3153abfc5098f205551190f8a491deda5c4b47c00a18ed66800ef238c6b78d",
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.8"
            ],
            "modified_time": "2025-06-21T02:15:50Z",
            "import_time": "2025-06-21T02:34:51.98742545Z"
        },
        {
            "sha256": "ee4a6ec40052cc9d5c28cfa09ed8356d1fe9f4c011c63e94e689e79b5f16e7d7",
            "source": "ossf-package-analysis",
            "versions": [
                "1.0.7"
            ],
            "modified_time": "2025-06-21T02:05:38Z",
            "import_time": "2025-06-21T02:34:51.876301077Z"
        }
    ]
}

Affected packages

npm / cro-pricing

Affected versions

1.*
1.0.3
1.0.4
1.0.5
1.0.7
1.0.8

Database specific

source: "https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cro-pricing/MAL-2025-5211.json"