mal-2024-1048
Vulnerability from ossf_malicious_packages
Malicious code in @apics/apps-ppp-web (npm)
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (a11545fc54b4d0cdd2e0e8de4ab835b254677aff86d325e9bec6a0a6b5e090a8)
The OpenSSF Package Analysis project identified '@apics/apps-ppp-web' @ 9.39.1 (npm) as malicious.
It is considered malicious because:
-
The package communicates with a domain associated with malicious activity.
-
The package executes one or more commands associated with malicious behavior.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@apics/apps-ppp-web"
},
"versions": [
"9.34.0",
"9.37.0",
"9.39.0",
"9.39.1",
"9.39.2"
]
}
],
"credits": [
{
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
],
"name": "OpenSSF: Package Analysis",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"import_time": "2024-03-01T15:04:49.653759625Z",
"modified_time": "2024-03-01T14:55:54Z",
"sha256": "69dfab3bed458cb7101c09908991f9538d3f114ee24ec01fb91ab7fb365a1265",
"source": "ossf-package-analysis",
"versions": [
"9.34.0"
]
},
{
"import_time": "2024-03-01T20:05:33.487432334Z",
"modified_time": "2024-03-01T19:39:41Z",
"sha256": "422a327c66b99432969f00d1b7fb11495705c862786637a95e4df268a1fa03d6",
"source": "ossf-package-analysis",
"versions": [
"9.37.0"
]
},
{
"import_time": "2024-03-01T20:05:33.589335695Z",
"modified_time": "2024-03-01T20:00:52Z",
"sha256": "a50160c9b2d30476cfbe438fc61feda78b568c1b2601ff846b514ded5a416c12",
"source": "ossf-package-analysis",
"versions": [
"9.39.0"
]
},
{
"import_time": "2024-03-02T21:04:43.488136981Z",
"modified_time": "2024-03-02T20:58:03Z",
"sha256": "a11545fc54b4d0cdd2e0e8de4ab835b254677aff86d325e9bec6a0a6b5e090a8",
"source": "ossf-package-analysis",
"versions": [
"9.39.1"
]
},
{
"import_time": "2024-03-03T21:04:30.041978357Z",
"modified_time": "2024-03-03T20:51:42Z",
"sha256": "fcd58064284c44f909b3b2978eb5710cab99dade8debb01b36332112d52f69fc",
"source": "ossf-package-analysis",
"versions": [
"9.39.2"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (a11545fc54b4d0cdd2e0e8de4ab835b254677aff86d325e9bec6a0a6b5e090a8)\nThe OpenSSF Package Analysis project identified \u0027@apics/apps-ppp-web\u0027 @ 9.39.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
"id": "MAL-2024-1048",
"modified": "2024-03-03T21:04:45Z",
"published": "2024-03-01T14:55:54Z",
"schema_version": "1.5.0",
"summary": "Malicious code in @apics/apps-ppp-web (npm)"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.