mal-2024-984
Vulnerability from ossf_malicious_packages
Malicious code in prism-commercial-ui (npm)
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (022a3875aaf0406fa69c720352856a350f48f0b350caf1e5bb66717663d7a078)
The OpenSSF Package Analysis project identified 'prism-commercial-ui' @ 100.100.100 (npm) as malicious.
It is considered malicious because:
-
The package communicates with a domain associated with malicious activity.
-
The package executes one or more commands associated with malicious behavior.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "prism-commercial-ui"
},
"versions": [
"100.100.100",
"100.100.103",
"100.100.102",
"100.100.109",
"100.100.114",
"100.100.113",
"100.100.116",
"100.100.117",
"100.100.118",
"100.100.119",
"100.100.123",
"100.100.124",
"100.100.120"
]
}
],
"credits": [
{
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
],
"name": "OpenSSF: Package Analysis",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"import_time": "2024-02-09T06:04:58.79079466Z",
"modified_time": "2024-02-09T05:55:39Z",
"sha256": "022a3875aaf0406fa69c720352856a350f48f0b350caf1e5bb66717663d7a078",
"source": "ossf-package-analysis",
"versions": [
"100.100.100"
]
},
{
"import_time": "2024-02-09T06:33:13.024192297Z",
"modified_time": "2024-02-09T06:30:51Z",
"sha256": "5caeb9a46735e7fa74b20e9646a9363fecfaa68245c478718eef4c283b628ecf",
"source": "ossf-package-analysis",
"versions": [
"100.100.103"
]
},
{
"import_time": "2024-02-09T06:33:12.931883239Z",
"modified_time": "2024-02-09T06:10:44Z",
"sha256": "e27564ccf1e18fbbbd80796d9bfc14a868804b4014ef968e9b344ef0ff1965e9",
"source": "ossf-package-analysis",
"versions": [
"100.100.102"
]
},
{
"import_time": "2024-02-10T16:05:03.533961352Z",
"modified_time": "2024-02-10T15:46:44Z",
"sha256": "29397e6aa78d5fa17b88a2a00ba30c7c7578f8c84db3089debb4fd14b9c0dc19",
"source": "ossf-package-analysis",
"versions": [
"100.100.109"
]
},
{
"import_time": "2024-02-10T16:05:03.607367493Z",
"modified_time": "2024-02-10T16:02:13Z",
"sha256": "70450cb60199cc965fb4fee18004891f020155923eacad89c52148363c0c7c5d",
"source": "ossf-package-analysis",
"versions": [
"100.100.114"
]
},
{
"import_time": "2024-02-10T16:05:03.695067079Z",
"modified_time": "2024-02-10T16:02:44Z",
"sha256": "840b2083681c8091779dd3cc52fafb773e26a1ab1f7f00d4804ea56c396d1cbc",
"source": "ossf-package-analysis",
"versions": [
"100.100.113"
]
},
{
"import_time": "2024-02-10T16:33:42.269864127Z",
"modified_time": "2024-02-10T16:22:16Z",
"sha256": "ba2713f3ab57d33d564a9a135a100c86283006c3f4fe48b89389194db31a03f0",
"source": "ossf-package-analysis",
"versions": [
"100.100.116"
]
},
{
"import_time": "2024-02-10T17:04:46.850915379Z",
"modified_time": "2024-02-10T16:34:01Z",
"sha256": "2f79a09c1c454df18e21caab4acebdd28f3658a020fb96bb67b4fcd908002c1a",
"source": "ossf-package-analysis",
"versions": [
"100.100.117"
]
},
{
"import_time": "2024-02-10T17:04:46.930060028Z",
"modified_time": "2024-02-10T16:54:58Z",
"sha256": "77f3eba44fe0476babc7b6b726e095d75838f6493eb0377ad67fb391157ce890",
"source": "ossf-package-analysis",
"versions": [
"100.100.118"
]
},
{
"import_time": "2024-02-10T17:33:25.573564237Z",
"modified_time": "2024-02-10T17:10:40Z",
"sha256": "83bac9ccab9e56b1dc992ea5c306fdffc7f0053d80f7aa46f5e761a78a44ebd4",
"source": "ossf-package-analysis",
"versions": [
"100.100.119"
]
},
{
"import_time": "2024-02-10T18:33:44.441535662Z",
"modified_time": "2024-02-10T18:24:34Z",
"sha256": "56819234e88488640a741291dc9458c02c8c923750487bf07809579727a460b3",
"source": "ossf-package-analysis",
"versions": [
"100.100.123"
]
},
{
"import_time": "2024-02-10T18:33:44.529019488Z",
"modified_time": "2024-02-10T18:28:08Z",
"sha256": "d6af70cdbf87a78819c966ed1af3a1805d0c6e613b2dcbcab59f500ba7c21525",
"source": "ossf-package-analysis",
"versions": [
"100.100.124"
]
},
{
"import_time": "2024-02-10T19:04:15.422634002Z",
"modified_time": "2024-02-10T18:53:02Z",
"sha256": "12e2136d417ea588a7cf7962aa8449f26be99d0b9400a69c3f051f214c2f2472",
"source": "ossf-package-analysis",
"versions": [
"100.100.120"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (022a3875aaf0406fa69c720352856a350f48f0b350caf1e5bb66717663d7a078)\nThe OpenSSF Package Analysis project identified \u0027prism-commercial-ui\u0027 @ 100.100.100 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
"id": "MAL-2024-984",
"modified": "2024-02-10T19:04:36Z",
"published": "2024-02-09T05:55:39Z",
"schema_version": "1.5.0",
"summary": "Malicious code in prism-commercial-ui (npm)"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.