diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator index 6b443370c..bc28e5a61 100644 --- a/osv/malicious/.id-allocator +++ b/osv/malicious/.id-allocator @@ -1 +1 @@ -9a0dc55d053b1b78996b3d72d529e1b6d4e7aab370036139811c46be18531d0f \ No newline at end of file +e7de0a7c98ac53b6e1705bb896576b36d8f230070d24a84482896c42fdda1230 \ No newline at end of file diff --git a/osv/malicious/npm/@add-wallet-exchange/import-type/MAL-0000-ghsa-malware-009dc7d5e85690b3.json b/osv/malicious/npm/@add-wallet-exchange/import-type/MAL-2024-11933.json similarity index 63% rename from osv/malicious/npm/@add-wallet-exchange/import-type/MAL-0000-ghsa-malware-009dc7d5e85690b3.json rename to osv/malicious/npm/@add-wallet-exchange/import-type/MAL-2024-11933.json index 91553bb88..5ba1974de 100644 --- a/osv/malicious/npm/@add-wallet-exchange/import-type/MAL-0000-ghsa-malware-009dc7d5e85690b3.json +++ b/osv/malicious/npm/@add-wallet-exchange/import-type/MAL-2024-11933.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:26:14Z", "published": "2024-12-19T13:26:14Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11933", "aliases": [ "GHSA-x36w-pmjx-8j76" ], - "summary": "Malware in @add-wallet-exchange/import-type", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in @add-wallet-exchange/import-type (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (009dc7d5e85690b3a1fdfe88879a357c8277b755a5983e5e9bcadf1e2624af1a)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-x36w-pmjx-8j76" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "009dc7d5e85690b3a1fdfe88879a357c8277b755a5983e5e9bcadf1e2624af1a", - "import_time": "2024-12-20T00:32:39.528816275Z", "id": "GHSA-x36w-pmjx-8j76", + "import_time": "2024-12-20T00:32:39.528816275Z", "modified_time": "2024-12-19T13:26:14Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "009dc7d5e85690b3a1fdfe88879a357c8277b755a5983e5e9bcadf1e2624af1a", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/@add-wallet-exchange/reset/MAL-0000-ghsa-malware-eb76748dbba1a050.json b/osv/malicious/npm/@add-wallet-exchange/reset/MAL-2024-11934.json similarity index 63% rename from osv/malicious/npm/@add-wallet-exchange/reset/MAL-0000-ghsa-malware-eb76748dbba1a050.json rename to osv/malicious/npm/@add-wallet-exchange/reset/MAL-2024-11934.json index 2acc2b376..7a4f067fd 100644 --- a/osv/malicious/npm/@add-wallet-exchange/reset/MAL-0000-ghsa-malware-eb76748dbba1a050.json +++ b/osv/malicious/npm/@add-wallet-exchange/reset/MAL-2024-11934.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:26:14Z", "published": "2024-12-19T13:26:14Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11934", "aliases": [ "GHSA-3254-x48m-vxpj" ], - "summary": "Malware in @add-wallet-exchange/reset", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in @add-wallet-exchange/reset (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (eb76748dbba1a0501ea786fecbf98f24109ef841f992cc7a4ebda7f06d6b95b3)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-3254-x48m-vxpj" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "eb76748dbba1a0501ea786fecbf98f24109ef841f992cc7a4ebda7f06d6b95b3", - "import_time": "2024-12-20T00:32:39.369260138Z", "id": "GHSA-3254-x48m-vxpj", + "import_time": "2024-12-20T00:32:39.369260138Z", "modified_time": "2024-12-19T13:26:14Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "eb76748dbba1a0501ea786fecbf98f24109ef841f992cc7a4ebda7f06d6b95b3", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/@add-wallet-exchange/set-imported-csv-message/MAL-0000-ghsa-malware-85e68f887715288c.json b/osv/malicious/npm/@add-wallet-exchange/set-imported-csv-message/MAL-2024-11935.json similarity index 62% rename from osv/malicious/npm/@add-wallet-exchange/set-imported-csv-message/MAL-0000-ghsa-malware-85e68f887715288c.json rename to osv/malicious/npm/@add-wallet-exchange/set-imported-csv-message/MAL-2024-11935.json index d8ed85fd3..3b1f135a3 100644 --- a/osv/malicious/npm/@add-wallet-exchange/set-imported-csv-message/MAL-0000-ghsa-malware-85e68f887715288c.json +++ b/osv/malicious/npm/@add-wallet-exchange/set-imported-csv-message/MAL-2024-11935.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:26:14Z", "published": "2024-12-19T13:26:14Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11935", "aliases": [ "GHSA-8m64-h92r-p78q" ], - "summary": "Malware in @add-wallet-exchange/set-imported-csv-message", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in @add-wallet-exchange/set-imported-csv-message (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (85e68f887715288c07927e0e74544a85fd8c7f1fd0ea7afe1ff8d50322fcaa34)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-8m64-h92r-p78q" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "85e68f887715288c07927e0e74544a85fd8c7f1fd0ea7afe1ff8d50322fcaa34", - "import_time": "2024-12-20T00:32:39.417903824Z", "id": "GHSA-8m64-h92r-p78q", + "import_time": "2024-12-20T00:32:39.417903824Z", "modified_time": "2024-12-19T13:26:14Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "85e68f887715288c07927e0e74544a85fd8c7f1fd0ea7afe1ff8d50322fcaa34", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/@add-wallet-exchange/type-api-data/MAL-0000-ghsa-malware-9a8805bb9462f791.json b/osv/malicious/npm/@add-wallet-exchange/type-api-data/MAL-2024-11936.json similarity index 62% rename from osv/malicious/npm/@add-wallet-exchange/type-api-data/MAL-0000-ghsa-malware-9a8805bb9462f791.json rename to osv/malicious/npm/@add-wallet-exchange/type-api-data/MAL-2024-11936.json index 1b72c06e0..b4e916aef 100644 --- a/osv/malicious/npm/@add-wallet-exchange/type-api-data/MAL-0000-ghsa-malware-9a8805bb9462f791.json +++ b/osv/malicious/npm/@add-wallet-exchange/type-api-data/MAL-2024-11936.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:26:14Z", "published": "2024-12-19T13:26:14Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11936", "aliases": [ "GHSA-x8wm-m6x9-2x8w" ], - "summary": "Malware in @add-wallet-exchange/type-api-data", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in @add-wallet-exchange/type-api-data (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (9a8805bb9462f791743ade0e86d29e6c574fbdd3f67079d132694c9ac3409f0f)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-x8wm-m6x9-2x8w" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "9a8805bb9462f791743ade0e86d29e6c574fbdd3f67079d132694c9ac3409f0f", - "import_time": "2024-12-20T00:32:39.53166691Z", "id": "GHSA-x8wm-m6x9-2x8w", + "import_time": "2024-12-20T00:32:39.53166691Z", "modified_time": "2024-12-19T13:26:14Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "9a8805bb9462f791743ade0e86d29e6c574fbdd3f67079d132694c9ac3409f0f", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/@metrics-service/mf-client/MAL-0000-ghsa-malware-4515e226dd4aafab.json b/osv/malicious/npm/@metrics-service/mf-client/MAL-2024-11937.json similarity index 63% rename from osv/malicious/npm/@metrics-service/mf-client/MAL-0000-ghsa-malware-4515e226dd4aafab.json rename to osv/malicious/npm/@metrics-service/mf-client/MAL-2024-11937.json index 0a8a944fd..b50bdda5d 100644 --- a/osv/malicious/npm/@metrics-service/mf-client/MAL-0000-ghsa-malware-4515e226dd4aafab.json +++ b/osv/malicious/npm/@metrics-service/mf-client/MAL-2024-11937.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:33:24Z", "published": "2024-12-19T13:33:24Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11937", "aliases": [ "GHSA-q66r-vc6h-289x" ], - "summary": "Malware in @metrics-service/mf-client", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in @metrics-service/mf-client (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (4515e226dd4aafab225dd128f71075baadf1fc7b2176ed97b19e90ae8aadb642)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-q66r-vc6h-289x" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "4515e226dd4aafab225dd128f71075baadf1fc7b2176ed97b19e90ae8aadb642", - "import_time": "2024-12-20T00:32:39.493975856Z", "id": "GHSA-q66r-vc6h-289x", + "import_time": "2024-12-20T00:32:39.493975856Z", "modified_time": "2024-12-19T13:33:24Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "4515e226dd4aafab225dd128f71075baadf1fc7b2176ed97b19e90ae8aadb642", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/abacus-frontend/MAL-0000-ghsa-malware-0bb03bbb0a4e31bf.json b/osv/malicious/npm/abacus-frontend/MAL-2024-11938.json similarity index 63% rename from osv/malicious/npm/abacus-frontend/MAL-0000-ghsa-malware-0bb03bbb0a4e31bf.json rename to osv/malicious/npm/abacus-frontend/MAL-2024-11938.json index 61de1ca65..ff97d04c2 100644 --- a/osv/malicious/npm/abacus-frontend/MAL-0000-ghsa-malware-0bb03bbb0a4e31bf.json +++ b/osv/malicious/npm/abacus-frontend/MAL-2024-11938.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:52:28Z", "published": "2024-12-19T09:52:28Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11938", "aliases": [ "GHSA-hp83-576q-jpp2" ], - "summary": "Malware in abacus-frontend", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in abacus-frontend (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (0bb03bbb0a4e31bfc1d2ca22ccbfc5090ab234c3359195c560188f54d9148113)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-hp83-576q-jpp2" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "0bb03bbb0a4e31bfc1d2ca22ccbfc5090ab234c3359195c560188f54d9148113", - "import_time": "2024-12-20T00:32:39.469290667Z", "id": "GHSA-hp83-576q-jpp2", + "import_time": "2024-12-20T00:32:39.469290667Z", "modified_time": "2024-12-19T09:52:28Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "0bb03bbb0a4e31bfc1d2ca22ccbfc5090ab234c3359195c560188f54d9148113", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/acm-nano-logger-fe/MAL-0000-ghsa-malware-8669771f2fb91caa.json b/osv/malicious/npm/acm-nano-logger-fe/MAL-0000-ghsa-malware-8669771f2fb91caa.json deleted file mode 100644 index 9eb1da8f6..000000000 --- a/osv/malicious/npm/acm-nano-logger-fe/MAL-0000-ghsa-malware-8669771f2fb91caa.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T09:53:03Z", - "published": "2024-12-19T09:53:03Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-xm52-j22g-79m4" - ], - "summary": "Malware in acm-nano-logger-fe", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "acm-nano-logger-fe" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-xm52-j22g-79m4" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-xm52-j22g-79m4" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "8669771f2fb91caaf8e8b4059e9466a605b69db4766b85ce718c33d1b09999a8", - "import_time": "2024-12-20T00:32:39.534495984Z", - "id": "GHSA-xm52-j22g-79m4", - "modified_time": "2024-12-19T09:53:03Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/acm-nano-logger-fe/MAL-2024-11164.json b/osv/malicious/npm/acm-nano-logger-fe/MAL-2024-11164.json index 44cba0c93..bc56a20c5 100644 --- a/osv/malicious/npm/acm-nano-logger-fe/MAL-2024-11164.json +++ b/osv/malicious/npm/acm-nano-logger-fe/MAL-2024-11164.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-02T06:38:26Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-02T06:38:26Z", "schema_version": "1.5.0", "id": "MAL-2024-11164", + "aliases": [ + "GHSA-xm52-j22g-79m4" + ], "summary": "Malicious code in acm-nano-logger-fe (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (b61a271676acb74a0dbdd953cb4902596a99c141c2b75174ef00558f9bed02c1)\nThe OpenSSF Package Analysis project identified 'acm-nano-logger-fe' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (8669771f2fb91caaf8e8b4059e9466a605b69db4766b85ce718c33d1b09999a8)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (b61a271676acb74a0dbdd953cb4902596a99c141c2b75174ef00558f9bed02c1)\nThe OpenSSF Package Analysis project identified 'acm-nano-logger-fe' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "acm-nano-logger-fe" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.0.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-xm52-j22g-79m4" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "b61a271676acb74a0dbdd953cb4902596a99c141c2b75174ef00558f9bed02c1", "import_time": "2024-12-02T06:40:55.607015243Z", "modified_time": "2024-12-02T06:38:26Z", - "sha256": "b61a271676acb74a0dbdd953cb4902596a99c141c2b75174ef00558f9bed02c1", - "source": "ossf-package-analysis", "versions": [ "1.0.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "8669771f2fb91caaf8e8b4059e9466a605b69db4766b85ce718c33d1b09999a8", + "import_time": "2024-12-20T00:32:39.534495984Z", + "id": "GHSA-xm52-j22g-79m4", + "modified_time": "2024-12-19T09:53:03Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/action-testtttt/MAL-0000-ghsa-malware-76afe05559b1759f.json b/osv/malicious/npm/action-testtttt/MAL-2024-11939.json similarity index 63% rename from osv/malicious/npm/action-testtttt/MAL-0000-ghsa-malware-76afe05559b1759f.json rename to osv/malicious/npm/action-testtttt/MAL-2024-11939.json index 4d0ca36d0..95a9a154b 100644 --- a/osv/malicious/npm/action-testtttt/MAL-0000-ghsa-malware-76afe05559b1759f.json +++ b/osv/malicious/npm/action-testtttt/MAL-2024-11939.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:55:09Z", "published": "2024-12-19T09:55:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11939", "aliases": [ "GHSA-f7gc-3qc4-hhvq" ], - "summary": "Malware in action-testtttt", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in action-testtttt (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (76afe05559b1759ff69fe0657362b303c6e8bff5a5221305fe01dd0842a1e5f3)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-f7gc-3qc4-hhvq" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "76afe05559b1759ff69fe0657362b303c6e8bff5a5221305fe01dd0842a1e5f3", - "import_time": "2024-12-20T00:32:39.442935062Z", "id": "GHSA-f7gc-3qc4-hhvq", + "import_time": "2024-12-20T00:32:39.442935062Z", "modified_time": "2024-12-19T09:55:09Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "76afe05559b1759ff69fe0657362b303c6e8bff5a5221305fe01dd0842a1e5f3", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/actions-languageservices/MAL-0000-ghsa-malware-a6468057d6ae1775.json b/osv/malicious/npm/actions-languageservices/MAL-2024-11940.json similarity index 63% rename from osv/malicious/npm/actions-languageservices/MAL-0000-ghsa-malware-a6468057d6ae1775.json rename to osv/malicious/npm/actions-languageservices/MAL-2024-11940.json index 45377853f..7c4b3a33e 100644 --- a/osv/malicious/npm/actions-languageservices/MAL-0000-ghsa-malware-a6468057d6ae1775.json +++ b/osv/malicious/npm/actions-languageservices/MAL-2024-11940.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:55:13Z", "published": "2024-12-19T09:55:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11940", "aliases": [ "GHSA-w87v-wrcv-7hxf" ], - "summary": "Malware in actions-languageservices", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in actions-languageservices (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (a6468057d6ae17756ec02b7293da5160697424f26a39e172bce32c38a2b2337b)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-w87v-wrcv-7hxf" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "a6468057d6ae17756ec02b7293da5160697424f26a39e172bce32c38a2b2337b", - "import_time": "2024-12-20T00:32:39.519864762Z", "id": "GHSA-w87v-wrcv-7hxf", + "import_time": "2024-12-20T00:32:39.519864762Z", "modified_time": "2024-12-19T09:55:13Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "a6468057d6ae17756ec02b7293da5160697424f26a39e172bce32c38a2b2337b", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/apache-airflow-ui/MAL-0000-ghsa-malware-e6c372df22c9d32d.json b/osv/malicious/npm/apache-airflow-ui/MAL-2024-11941.json similarity index 63% rename from osv/malicious/npm/apache-airflow-ui/MAL-0000-ghsa-malware-e6c372df22c9d32d.json rename to osv/malicious/npm/apache-airflow-ui/MAL-2024-11941.json index 35b8b4a7f..8a9b10e5c 100644 --- a/osv/malicious/npm/apache-airflow-ui/MAL-0000-ghsa-malware-e6c372df22c9d32d.json +++ b/osv/malicious/npm/apache-airflow-ui/MAL-2024-11941.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:13:59Z", "published": "2024-12-19T13:13:58Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11941", "aliases": [ "GHSA-jv5h-c943-8rw7" ], - "summary": "Malware in apache-airflow-ui", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in apache-airflow-ui (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (e6c372df22c9d32de9b2be3a877474b47fc253abc67f5b69d611ebc9640559fe)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-jv5h-c943-8rw7" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "e6c372df22c9d32de9b2be3a877474b47fc253abc67f5b69d611ebc9640559fe", - "import_time": "2024-12-20T00:32:39.475529335Z", "id": "GHSA-jv5h-c943-8rw7", + "import_time": "2024-12-20T00:32:39.475529335Z", "modified_time": "2024-12-19T13:13:59Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "e6c372df22c9d32de9b2be3a877474b47fc253abc67f5b69d611ebc9640559fe", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/aries-bifold-root/MAL-0000-ghsa-malware-eca3e60fffb3a648.json b/osv/malicious/npm/aries-bifold-root/MAL-0000-ghsa-malware-eca3e60fffb3a648.json deleted file mode 100644 index 716709d94..000000000 --- a/osv/malicious/npm/aries-bifold-root/MAL-0000-ghsa-malware-eca3e60fffb3a648.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:39:56Z", - "published": "2024-12-19T10:39:56Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-j54w-vpxv-cx72" - ], - "summary": "Malware in aries-bifold-root", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "aries-bifold-root" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-j54w-vpxv-cx72" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-j54w-vpxv-cx72" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "eca3e60fffb3a648dbd8cdd504332376d85921d174fa35cf3d8dae17f1302543", - "import_time": "2024-12-20T00:32:39.471638324Z", - "id": "GHSA-j54w-vpxv-cx72", - "modified_time": "2024-12-19T10:39:56Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/aries-bifold-root/MAL-2024-10901.json b/osv/malicious/npm/aries-bifold-root/MAL-2024-10901.json index c9cae8dc0..b3a147c59 100644 --- a/osv/malicious/npm/aries-bifold-root/MAL-2024-10901.json +++ b/osv/malicious/npm/aries-bifold-root/MAL-2024-10901.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-25T19:54:13Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-11-25T19:54:13Z", "schema_version": "1.5.0", "id": "MAL-2024-10901", + "aliases": [ + "GHSA-j54w-vpxv-cx72" + ], "summary": "Malicious code in aries-bifold-root (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (ad263058d3e4ba0138b6df42bd6e9c50e3b6f7510ff6c31bcaaadba181978c25)\nThe OpenSSF Package Analysis project identified 'aries-bifold-root' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (eca3e60fffb3a648dbd8cdd504332376d85921d174fa35cf3d8dae17f1302543)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (ad263058d3e4ba0138b6df42bd6e9c50e3b6f7510ff6c31bcaaadba181978c25)\nThe OpenSSF Package Analysis project identified 'aries-bifold-root' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "aries-bifold-root" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.0.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-j54w-vpxv-cx72" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "ad263058d3e4ba0138b6df42bd6e9c50e3b6f7510ff6c31bcaaadba181978c25", "import_time": "2024-11-25T20:06:08.522529666Z", "modified_time": "2024-11-25T19:54:13Z", - "sha256": "ad263058d3e4ba0138b6df42bd6e9c50e3b6f7510ff6c31bcaaadba181978c25", - "source": "ossf-package-analysis", "versions": [ "1.0.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "eca3e60fffb3a648dbd8cdd504332376d85921d174fa35cf3d8dae17f1302543", + "import_time": "2024-12-20T00:32:39.471638324Z", + "id": "GHSA-j54w-vpxv-cx72", + "modified_time": "2024-12-19T10:39:56Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/atlantis-api/MAL-0000-ghsa-malware-094067edee2b5602.json b/osv/malicious/npm/atlantis-api/MAL-2024-11942.json similarity index 63% rename from osv/malicious/npm/atlantis-api/MAL-0000-ghsa-malware-094067edee2b5602.json rename to osv/malicious/npm/atlantis-api/MAL-2024-11942.json index 9edb12638..b6ea7aee5 100644 --- a/osv/malicious/npm/atlantis-api/MAL-0000-ghsa-malware-094067edee2b5602.json +++ b/osv/malicious/npm/atlantis-api/MAL-2024-11942.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:42:01Z", "published": "2024-12-19T10:42:01Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11942", "aliases": [ "GHSA-2h3h-398p-9h66" ], - "summary": "Malware in atlantis-api", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in atlantis-api (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (094067edee2b5602a50659db017bc266d4d2a8b841374fec88825e3e0dc47816)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-2h3h-398p-9h66" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "094067edee2b5602a50659db017bc266d4d2a8b841374fec88825e3e0dc47816", - "import_time": "2024-12-20T00:32:39.364869074Z", "id": "GHSA-2h3h-398p-9h66", + "import_time": "2024-12-20T00:32:39.364869074Z", "modified_time": "2024-12-19T10:42:01Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "094067edee2b5602a50659db017bc266d4d2a8b841374fec88825e3e0dc47816", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/azure-sdk-for-java-codegen/MAL-0000-ghsa-malware-d80272d9c808f50b.json b/osv/malicious/npm/azure-sdk-for-java-codegen/MAL-2024-11943.json similarity index 63% rename from osv/malicious/npm/azure-sdk-for-java-codegen/MAL-0000-ghsa-malware-d80272d9c808f50b.json rename to osv/malicious/npm/azure-sdk-for-java-codegen/MAL-2024-11943.json index 460ba2e11..a17c6e34e 100644 --- a/osv/malicious/npm/azure-sdk-for-java-codegen/MAL-0000-ghsa-malware-d80272d9c808f50b.json +++ b/osv/malicious/npm/azure-sdk-for-java-codegen/MAL-2024-11943.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:09:49Z", "published": "2024-12-19T11:09:48Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11943", "aliases": [ "GHSA-g9qr-xhj9-p52q" ], - "summary": "Malware in azure-sdk-for-java-codegen", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in azure-sdk-for-java-codegen (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d80272d9c808f50bcde1ac09ec61a64d13c6151cb5ce8724af88330aaa8a0cb3)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-g9qr-xhj9-p52q" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d80272d9c808f50bcde1ac09ec61a64d13c6151cb5ce8724af88330aaa8a0cb3", - "import_time": "2024-12-20T00:32:39.452913772Z", "id": "GHSA-g9qr-xhj9-p52q", + "import_time": "2024-12-20T00:32:39.452913772Z", "modified_time": "2024-12-19T11:09:49Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d80272d9c808f50bcde1ac09ec61a64d13c6151cb5ce8724af88330aaa8a0cb3", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/ba-graphics/MAL-0000-ghsa-malware-1d25fb780dcd8c59.json b/osv/malicious/npm/ba-graphics/MAL-0000-ghsa-malware-1d25fb780dcd8c59.json deleted file mode 100644 index c98c3fab1..000000000 --- a/osv/malicious/npm/ba-graphics/MAL-0000-ghsa-malware-1d25fb780dcd8c59.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:42:41Z", - "published": "2024-12-19T10:42:36Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-rc7p-mhf3-63mg" - ], - "summary": "Malware in ba-graphics", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "ba-graphics" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-rc7p-mhf3-63mg" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-rc7p-mhf3-63mg" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "1d25fb780dcd8c598565114379e013b220e0a17c1b3586acce60a4aa0e0306c8", - "import_time": "2024-12-20T00:32:39.505591294Z", - "id": "GHSA-rc7p-mhf3-63mg", - "modified_time": "2024-12-19T10:42:41Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/ba-graphics/MAL-2024-11206.json b/osv/malicious/npm/ba-graphics/MAL-2024-11206.json index 0c6f061ad..55a854960 100644 --- a/osv/malicious/npm/ba-graphics/MAL-2024-11206.json +++ b/osv/malicious/npm/ba-graphics/MAL-2024-11206.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-05T14:42:54Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-05T14:42:54Z", "schema_version": "1.5.0", "id": "MAL-2024-11206", + "aliases": [ + "GHSA-rc7p-mhf3-63mg" + ], "summary": "Malicious code in ba-graphics (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (e74f64fd87f6591868a7cf0560b5b7c87d0cf73b5ad664155c404e2f85f7a024)\nThe OpenSSF Package Analysis project identified 'ba-graphics' @ 9.0.16 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (1d25fb780dcd8c598565114379e013b220e0a17c1b3586acce60a4aa0e0306c8)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (e74f64fd87f6591868a7cf0560b5b7c87d0cf73b5ad664155c404e2f85f7a024)\nThe OpenSSF Package Analysis project identified 'ba-graphics' @ 9.0.16 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "ba-graphics" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "9.0.16" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rc7p-mhf3-63mg" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "e74f64fd87f6591868a7cf0560b5b7c87d0cf73b5ad664155c404e2f85f7a024", "import_time": "2024-12-05T15:05:35.998297577Z", "modified_time": "2024-12-05T14:42:54Z", - "sha256": "e74f64fd87f6591868a7cf0560b5b7c87d0cf73b5ad664155c404e2f85f7a024", - "source": "ossf-package-analysis", "versions": [ "9.0.16" ] + }, + { + "source": "ghsa-malware", + "sha256": "1d25fb780dcd8c598565114379e013b220e0a17c1b3586acce60a4aa0e0306c8", + "import_time": "2024-12-20T00:32:39.505591294Z", + "id": "GHSA-rc7p-mhf3-63mg", + "modified_time": "2024-12-19T10:42:41Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/bitcoinjs-lib-v6/MAL-0000-ghsa-malware-d413653ebb15cdf1.json b/osv/malicious/npm/bitcoinjs-lib-v6/MAL-2024-11944.json similarity index 63% rename from osv/malicious/npm/bitcoinjs-lib-v6/MAL-0000-ghsa-malware-d413653ebb15cdf1.json rename to osv/malicious/npm/bitcoinjs-lib-v6/MAL-2024-11944.json index 9837ff429..7e3c1d895 100644 --- a/osv/malicious/npm/bitcoinjs-lib-v6/MAL-0000-ghsa-malware-d413653ebb15cdf1.json +++ b/osv/malicious/npm/bitcoinjs-lib-v6/MAL-2024-11944.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:46:12Z", "published": "2024-12-19T10:46:11Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11944", "aliases": [ "GHSA-29fm-2c66-79qp" ], - "summary": "Malware in bitcoinjs-lib-v6", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in bitcoinjs-lib-v6 (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d413653ebb15cdf1e00c6e1053b21b33afb6324cfa26b1b20f93f6bc1e9ac19b)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-29fm-2c66-79qp" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d413653ebb15cdf1e00c6e1053b21b33afb6324cfa26b1b20f93f6bc1e9ac19b", - "import_time": "2024-12-20T00:32:39.361617266Z", "id": "GHSA-29fm-2c66-79qp", + "import_time": "2024-12-20T00:32:39.361617266Z", "modified_time": "2024-12-19T10:46:12Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d413653ebb15cdf1e00c6e1053b21b33afb6324cfa26b1b20f93f6bc1e9ac19b", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/bitmex-node-fetch/MAL-0000-ghsa-malware-5cc7c20df046cd10.json b/osv/malicious/npm/bitmex-node-fetch/MAL-0000-ghsa-malware-5cc7c20df046cd10.json deleted file mode 100644 index 3be40c3dc..000000000 --- a/osv/malicious/npm/bitmex-node-fetch/MAL-0000-ghsa-malware-5cc7c20df046cd10.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:12:45Z", - "published": "2024-12-19T11:12:44Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-r4rh-hj97-r4v4" - ], - "summary": "Malware in bitmex-node-fetch", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "bitmex-node-fetch" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-r4rh-hj97-r4v4" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-r4rh-hj97-r4v4" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "5cc7c20df046cd10e263fa37bcda6196d91e23537ce001e8ed4b9598700ad8b8", - "import_time": "2024-12-20T00:32:39.502937777Z", - "id": "GHSA-r4rh-hj97-r4v4", - "modified_time": "2024-12-19T11:12:45Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/bitmex-node-fetch/MAL-2024-11916.json b/osv/malicious/npm/bitmex-node-fetch/MAL-2024-11916.json index b2e2a5851..dcdd17df8 100644 --- a/osv/malicious/npm/bitmex-node-fetch/MAL-2024-11916.json +++ b/osv/malicious/npm/bitmex-node-fetch/MAL-2024-11916.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-18T20:00:50Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-18T20:00:50Z", "schema_version": "1.5.0", "id": "MAL-2024-11916", + "aliases": [ + "GHSA-r4rh-hj97-r4v4" + ], "summary": "Malicious code in bitmex-node-fetch (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (52e353d797b349d8894a949c9f62b0fa2aef0a5c4e32cc2900314bcff6d37fbd)\nThe OpenSSF Package Analysis project identified 'bitmex-node-fetch' @ 100.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (5cc7c20df046cd10e263fa37bcda6196d91e23537ce001e8ed4b9598700ad8b8)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (52e353d797b349d8894a949c9f62b0fa2aef0a5c4e32cc2900314bcff6d37fbd)\nThe OpenSSF Package Analysis project identified 'bitmex-node-fetch' @ 100.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "bitmex-node-fetch" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "100.0.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-r4rh-hj97-r4v4" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "52e353d797b349d8894a949c9f62b0fa2aef0a5c4e32cc2900314bcff6d37fbd", "import_time": "2024-12-18T20:06:06.379775107Z", "modified_time": "2024-12-18T20:00:50Z", - "sha256": "52e353d797b349d8894a949c9f62b0fa2aef0a5c4e32cc2900314bcff6d37fbd", - "source": "ossf-package-analysis", "versions": [ "100.0.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "5cc7c20df046cd10e263fa37bcda6196d91e23537ce001e8ed4b9598700ad8b8", + "import_time": "2024-12-20T00:32:39.502937777Z", + "id": "GHSA-r4rh-hj97-r4v4", + "modified_time": "2024-12-19T11:12:45Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/bounty123ay/MAL-0000-ghsa-malware-272a0c5cf3a56fbb.json b/osv/malicious/npm/bounty123ay/MAL-0000-ghsa-malware-272a0c5cf3a56fbb.json deleted file mode 100644 index 5e6b6534c..000000000 --- a/osv/malicious/npm/bounty123ay/MAL-0000-ghsa-malware-272a0c5cf3a56fbb.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:52:28Z", - "published": "2024-12-19T10:52:27Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-2x5j-vvfw-m9g2" - ], - "summary": "Malware in bounty123ay", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "bounty123ay" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-2x5j-vvfw-m9g2" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-2x5j-vvfw-m9g2" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "272a0c5cf3a56fbb91d5d2a6da53f4fd7be8ddc9385faecf02e97d7ec2f263dd", - "import_time": "2024-12-20T00:32:39.367662713Z", - "id": "GHSA-2x5j-vvfw-m9g2", - "modified_time": "2024-12-19T10:52:28Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/bounty123ay/MAL-2024-11844.json b/osv/malicious/npm/bounty123ay/MAL-2024-11844.json index 11eeaf6cd..d95a618bd 100644 --- a/osv/malicious/npm/bounty123ay/MAL-2024-11844.json +++ b/osv/malicious/npm/bounty123ay/MAL-2024-11844.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-14T16:40:46Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-14T16:40:46Z", "schema_version": "1.5.0", "id": "MAL-2024-11844", + "aliases": [ + "GHSA-2x5j-vvfw-m9g2" + ], "summary": "Malicious code in bounty123ay (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (52b85443b397dd65430722e4e076fd67b29e74db91571df8c421f7ce8f5baf79)\nThe OpenSSF Package Analysis project identified 'bounty123ay' @ 1.0.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (272a0c5cf3a56fbb91d5d2a6da53f4fd7be8ddc9385faecf02e97d7ec2f263dd)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (52b85443b397dd65430722e4e076fd67b29e74db91571df8c421f7ce8f5baf79)\nThe OpenSSF Package Analysis project identified 'bounty123ay' @ 1.0.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "bounty123ay" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.0.6" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-2x5j-vvfw-m9g2" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "52b85443b397dd65430722e4e076fd67b29e74db91571df8c421f7ce8f5baf79", "import_time": "2024-12-14T17:05:02.157626176Z", "modified_time": "2024-12-14T16:40:46Z", - "sha256": "52b85443b397dd65430722e4e076fd67b29e74db91571df8c421f7ce8f5baf79", - "source": "ossf-package-analysis", "versions": [ "1.0.6" ] + }, + { + "source": "ghsa-malware", + "sha256": "272a0c5cf3a56fbb91d5d2a6da53f4fd7be8ddc9385faecf02e97d7ec2f263dd", + "import_time": "2024-12-20T00:32:39.367662713Z", + "id": "GHSA-2x5j-vvfw-m9g2", + "modified_time": "2024-12-19T10:52:28Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/build-onchain-apps/MAL-0000-ghsa-malware-2ee789547cb97234.json b/osv/malicious/npm/build-onchain-apps/MAL-2024-11945.json similarity index 63% rename from osv/malicious/npm/build-onchain-apps/MAL-0000-ghsa-malware-2ee789547cb97234.json rename to osv/malicious/npm/build-onchain-apps/MAL-2024-11945.json index 5acdbcb78..9d3f80194 100644 --- a/osv/malicious/npm/build-onchain-apps/MAL-0000-ghsa-malware-2ee789547cb97234.json +++ b/osv/malicious/npm/build-onchain-apps/MAL-2024-11945.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:52:37Z", "published": "2024-12-19T10:52:27Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11945", "aliases": [ "GHSA-hj9c-q93m-v3w7" ], - "summary": "Malware in build-onchain-apps", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in build-onchain-apps (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (2ee789547cb97234813aac5b0b91f061a9894a87c49e6f78b8d28f3981ad65ab)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-hj9c-q93m-v3w7" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "2ee789547cb97234813aac5b0b91f061a9894a87c49e6f78b8d28f3981ad65ab", - "import_time": "2024-12-20T00:32:39.468387616Z", "id": "GHSA-hj9c-q93m-v3w7", + "import_time": "2024-12-20T00:32:39.468387616Z", "modified_time": "2024-12-19T10:52:37Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "2ee789547cb97234813aac5b0b91f061a9894a87c49e6f78b8d28f3981ad65ab", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/buoyant-utils/MAL-0000-ghsa-malware-a848aad4ed9b021d.json b/osv/malicious/npm/buoyant-utils/MAL-0000-ghsa-malware-a848aad4ed9b021d.json deleted file mode 100644 index 3b22ec011..000000000 --- a/osv/malicious/npm/buoyant-utils/MAL-0000-ghsa-malware-a848aad4ed9b021d.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:53:38Z", - "published": "2024-12-19T10:53:38Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-xjcj-jmw5-qqwg" - ], - "summary": "Malware in buoyant-utils", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "buoyant-utils" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-xjcj-jmw5-qqwg" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-xjcj-jmw5-qqwg" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "a848aad4ed9b021dd1c4df3717c23fc8ef9578378c9bb92abe8f921a77ea100c", - "import_time": "2024-12-20T00:32:39.533713688Z", - "id": "GHSA-xjcj-jmw5-qqwg", - "modified_time": "2024-12-19T10:53:38Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/buoyant-utils/MAL-2024-11202.json b/osv/malicious/npm/buoyant-utils/MAL-2024-11202.json index 48f6b192a..0792c6568 100644 --- a/osv/malicious/npm/buoyant-utils/MAL-2024-11202.json +++ b/osv/malicious/npm/buoyant-utils/MAL-2024-11202.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-05T05:57:35Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-05T05:57:35Z", "schema_version": "1.5.0", "id": "MAL-2024-11202", + "aliases": [ + "GHSA-xjcj-jmw5-qqwg" + ], "summary": "Malicious code in buoyant-utils (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (00be45253259644053fe472ba5d23e1f90dbac57260d2d51594d6ae826a59fc7)\nThe OpenSSF Package Analysis project identified 'buoyant-utils' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (a848aad4ed9b021dd1c4df3717c23fc8ef9578378c9bb92abe8f921a77ea100c)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (00be45253259644053fe472ba5d23e1f90dbac57260d2d51594d6ae826a59fc7)\nThe OpenSSF Package Analysis project identified 'buoyant-utils' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "buoyant-utils" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.0.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-xjcj-jmw5-qqwg" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "00be45253259644053fe472ba5d23e1f90dbac57260d2d51594d6ae826a59fc7", "import_time": "2024-12-05T06:07:52.623811026Z", "modified_time": "2024-12-05T05:57:35Z", - "sha256": "00be45253259644053fe472ba5d23e1f90dbac57260d2d51594d6ae826a59fc7", - "source": "ossf-package-analysis", "versions": [ "1.0.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "a848aad4ed9b021dd1c4df3717c23fc8ef9578378c9bb92abe8f921a77ea100c", + "import_time": "2024-12-20T00:32:39.533713688Z", + "id": "GHSA-xjcj-jmw5-qqwg", + "modified_time": "2024-12-19T10:53:38Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/byted-example/MAL-0000-ghsa-malware-601d1b950741fa25.json b/osv/malicious/npm/byted-example/MAL-2024-11946.json similarity index 63% rename from osv/malicious/npm/byted-example/MAL-0000-ghsa-malware-601d1b950741fa25.json rename to osv/malicious/npm/byted-example/MAL-2024-11946.json index 008b351a6..77154fff3 100644 --- a/osv/malicious/npm/byted-example/MAL-0000-ghsa-malware-601d1b950741fa25.json +++ b/osv/malicious/npm/byted-example/MAL-2024-11946.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:12Z", "published": "2024-12-19T10:56:03Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11946", "aliases": [ "GHSA-g399-hv22-68w7" ], - "summary": "Malware in byted-example", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in byted-example (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (601d1b950741fa25c188fd49b91f64f95cd11170ccea1ac1e731ba8dee490ef6)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-g399-hv22-68w7" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "601d1b950741fa25c188fd49b91f64f95cd11170ccea1ac1e731ba8dee490ef6", - "import_time": "2024-12-20T00:32:39.451890998Z", "id": "GHSA-g399-hv22-68w7", + "import_time": "2024-12-20T00:32:39.451890998Z", "modified_time": "2024-12-19T10:56:12Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "601d1b950741fa25c188fd49b91f64f95cd11170ccea1ac1e731ba8dee490ef6", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/byted-gulu-ms-logger/MAL-0000-ghsa-malware-b7e4265d07794719.json b/osv/malicious/npm/byted-gulu-ms-logger/MAL-2024-11947.json similarity index 63% rename from osv/malicious/npm/byted-gulu-ms-logger/MAL-0000-ghsa-malware-b7e4265d07794719.json rename to osv/malicious/npm/byted-gulu-ms-logger/MAL-2024-11947.json index 9c5b959cb..16eff4b96 100644 --- a/osv/malicious/npm/byted-gulu-ms-logger/MAL-0000-ghsa-malware-b7e4265d07794719.json +++ b/osv/malicious/npm/byted-gulu-ms-logger/MAL-2024-11947.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:02Z", "published": "2024-12-19T10:56:02Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11947", "aliases": [ "GHSA-5wj8-jgmh-r2rh" ], - "summary": "Malware in byted-gulu-ms-logger", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in byted-gulu-ms-logger (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (b7e4265d07794719fa6a64db194f5b5c070de062f83c208ae9704eaa19fa3645)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-5wj8-jgmh-r2rh" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "b7e4265d07794719fa6a64db194f5b5c070de062f83c208ae9704eaa19fa3645", - "import_time": "2024-12-20T00:32:39.39458659Z", "id": "GHSA-5wj8-jgmh-r2rh", + "import_time": "2024-12-20T00:32:39.39458659Z", "modified_time": "2024-12-19T10:56:02Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "b7e4265d07794719fa6a64db194f5b5c070de062f83c208ae9704eaa19fa3645", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/cdp-agentkit-core/MAL-0000-ghsa-malware-eca0429e10409416.json b/osv/malicious/npm/cdp-agentkit-core/MAL-0000-ghsa-malware-eca0429e10409416.json deleted file mode 100644 index 41127e2f9..000000000 --- a/osv/malicious/npm/cdp-agentkit-core/MAL-0000-ghsa-malware-eca0429e10409416.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:52:37Z", - "published": "2024-12-19T10:52:27Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-cj6g-r22c-fxp5" - ], - "summary": "Malware in cdp-agentkit-core", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "cdp-agentkit-core" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-cj6g-r22c-fxp5" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-cj6g-r22c-fxp5" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "eca0429e104094162231b21ae70c94d199a4c5c2d25813c0eb807d94d7079973", - "import_time": "2024-12-20T00:32:39.434595672Z", - "id": "GHSA-cj6g-r22c-fxp5", - "modified_time": "2024-12-19T10:52:37Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/cdp-agentkit-core/MAL-2024-11204.json b/osv/malicious/npm/cdp-agentkit-core/MAL-2024-11204.json index 9d8bf8aaf..5f104e29c 100644 --- a/osv/malicious/npm/cdp-agentkit-core/MAL-2024-11204.json +++ b/osv/malicious/npm/cdp-agentkit-core/MAL-2024-11204.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-05T10:35:51Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-05T10:35:51Z", "schema_version": "1.5.0", "id": "MAL-2024-11204", + "aliases": [ + "GHSA-cj6g-r22c-fxp5" + ], "summary": "Malicious code in cdp-agentkit-core (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (53bfccce1cf699e3cfb36c7ceecdb5d3ee1baefb99b970404289ce38d6839d19)\nThe OpenSSF Package Analysis project identified 'cdp-agentkit-core' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (eca0429e104094162231b21ae70c94d199a4c5c2d25813c0eb807d94d7079973)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (53bfccce1cf699e3cfb36c7ceecdb5d3ee1baefb99b970404289ce38d6839d19)\nThe OpenSSF Package Analysis project identified 'cdp-agentkit-core' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "cdp-agentkit-core" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.0.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-cj6g-r22c-fxp5" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "53bfccce1cf699e3cfb36c7ceecdb5d3ee1baefb99b970404289ce38d6839d19", "import_time": "2024-12-05T10:39:06.291888995Z", "modified_time": "2024-12-05T10:35:51Z", - "sha256": "53bfccce1cf699e3cfb36c7ceecdb5d3ee1baefb99b970404289ce38d6839d19", - "source": "ossf-package-analysis", "versions": [ "1.0.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "eca0429e104094162231b21ae70c94d199a4c5c2d25813c0eb807d94d7079973", + "import_time": "2024-12-20T00:32:39.434595672Z", + "id": "GHSA-cj6g-r22c-fxp5", + "modified_time": "2024-12-19T10:52:37Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/cdp-agentkit-monorepo/MAL-0000-ghsa-malware-d8d524f8c7995e35.json b/osv/malicious/npm/cdp-agentkit-monorepo/MAL-2024-11948.json similarity index 63% rename from osv/malicious/npm/cdp-agentkit-monorepo/MAL-0000-ghsa-malware-d8d524f8c7995e35.json rename to osv/malicious/npm/cdp-agentkit-monorepo/MAL-2024-11948.json index 06aa37cab..a3d1d973c 100644 --- a/osv/malicious/npm/cdp-agentkit-monorepo/MAL-0000-ghsa-malware-d8d524f8c7995e35.json +++ b/osv/malicious/npm/cdp-agentkit-monorepo/MAL-2024-11948.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:52:28Z", "published": "2024-12-19T10:52:27Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11948", "aliases": [ "GHSA-xx3r-vx7v-gv9f" ], - "summary": "Malware in cdp-agentkit-monorepo", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in cdp-agentkit-monorepo (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d8d524f8c7995e353b380cc2c659b12067d589d4b56003ac355d9cc0736f8cd6)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-xx3r-vx7v-gv9f" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d8d524f8c7995e353b380cc2c659b12067d589d4b56003ac355d9cc0736f8cd6", - "import_time": "2024-12-20T00:32:39.536958336Z", "id": "GHSA-xx3r-vx7v-gv9f", + "import_time": "2024-12-20T00:32:39.536958336Z", "modified_time": "2024-12-19T10:52:28Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d8d524f8c7995e353b380cc2c659b12067d589d4b56003ac355d9cc0736f8cd6", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/cdp-agentkit-nodejs/MAL-0000-ghsa-malware-6d53da3389327268.json b/osv/malicious/npm/cdp-agentkit-nodejs/MAL-0000-ghsa-malware-6d53da3389327268.json deleted file mode 100644 index fdf10947d..000000000 --- a/osv/malicious/npm/cdp-agentkit-nodejs/MAL-0000-ghsa-malware-6d53da3389327268.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:52:37Z", - "published": "2024-12-19T10:52:27Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-qrg2-j2x5-v2xw" - ], - "summary": "Malware in cdp-agentkit-nodejs", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "cdp-agentkit-nodejs" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-qrg2-j2x5-v2xw" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-qrg2-j2x5-v2xw" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "6d53da33893272680319756bf6d56dbd2de8b7d06bc19bd46c65f06c11336031", - "import_time": "2024-12-20T00:32:39.500122158Z", - "id": "GHSA-qrg2-j2x5-v2xw", - "modified_time": "2024-12-19T10:52:37Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/cdp-agentkit-nodejs/MAL-2024-11186.json b/osv/malicious/npm/cdp-agentkit-nodejs/MAL-2024-11186.json index c9a702124..4668e89a0 100644 --- a/osv/malicious/npm/cdp-agentkit-nodejs/MAL-2024-11186.json +++ b/osv/malicious/npm/cdp-agentkit-nodejs/MAL-2024-11186.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-04T18:30:54Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-04T18:30:54Z", "schema_version": "1.5.0", "id": "MAL-2024-11186", + "aliases": [ + "GHSA-qrg2-j2x5-v2xw" + ], "summary": "Malicious code in cdp-agentkit-nodejs (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (87f79436f45c0461f085eafc8a6bd72a2fe223a7d9e70924bdede4a4f540defe)\nThe OpenSSF Package Analysis project identified 'cdp-agentkit-nodejs' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (6d53da33893272680319756bf6d56dbd2de8b7d06bc19bd46c65f06c11336031)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (87f79436f45c0461f085eafc8a6bd72a2fe223a7d9e70924bdede4a4f540defe)\nThe OpenSSF Package Analysis project identified 'cdp-agentkit-nodejs' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "cdp-agentkit-nodejs" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.0.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-qrg2-j2x5-v2xw" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "87f79436f45c0461f085eafc8a6bd72a2fe223a7d9e70924bdede4a4f540defe", "import_time": "2024-12-04T18:40:34.893246644Z", "modified_time": "2024-12-04T18:30:54Z", - "sha256": "87f79436f45c0461f085eafc8a6bd72a2fe223a7d9e70924bdede4a4f540defe", - "source": "ossf-package-analysis", "versions": [ "1.0.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "6d53da33893272680319756bf6d56dbd2de8b7d06bc19bd46c65f06c11336031", + "import_time": "2024-12-20T00:32:39.500122158Z", + "id": "GHSA-qrg2-j2x5-v2xw", + "modified_time": "2024-12-19T10:52:37Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/cdp-agentkit/MAL-0000-ghsa-malware-e07ec87bf0a5899c.json b/osv/malicious/npm/cdp-agentkit/MAL-0000-ghsa-malware-e07ec87bf0a5899c.json deleted file mode 100644 index 80e77b7b7..000000000 --- a/osv/malicious/npm/cdp-agentkit/MAL-0000-ghsa-malware-e07ec87bf0a5899c.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:52:28Z", - "published": "2024-12-19T10:52:27Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-5q62-hw28-9pvg" - ], - "summary": "Malware in cdp-agentkit", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "cdp-agentkit" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-5q62-hw28-9pvg" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-5q62-hw28-9pvg" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "e07ec87bf0a5899c4f97a1c0fcd453df1c220cea6a7a6944d6316f40f9def44c", - "import_time": "2024-12-20T00:32:39.393817108Z", - "id": "GHSA-5q62-hw28-9pvg", - "modified_time": "2024-12-19T10:52:28Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/cdp-agentkit/MAL-2024-11187.json b/osv/malicious/npm/cdp-agentkit/MAL-2024-11187.json index 6ed273aa5..574871f97 100644 --- a/osv/malicious/npm/cdp-agentkit/MAL-2024-11187.json +++ b/osv/malicious/npm/cdp-agentkit/MAL-2024-11187.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-04T18:40:44Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-04T18:40:44Z", "schema_version": "1.5.0", "id": "MAL-2024-11187", + "aliases": [ + "GHSA-5q62-hw28-9pvg" + ], "summary": "Malicious code in cdp-agentkit (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (c584e8adb091328b55be705c1069bb1aebe72685e9413c8ccb801d125894e57f)\nThe OpenSSF Package Analysis project identified 'cdp-agentkit' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (e07ec87bf0a5899c4f97a1c0fcd453df1c220cea6a7a6944d6316f40f9def44c)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (c584e8adb091328b55be705c1069bb1aebe72685e9413c8ccb801d125894e57f)\nThe OpenSSF Package Analysis project identified 'cdp-agentkit' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "cdp-agentkit" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.0.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-5q62-hw28-9pvg" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "c584e8adb091328b55be705c1069bb1aebe72685e9413c8ccb801d125894e57f", "import_time": "2024-12-04T19:06:30.003446425Z", "modified_time": "2024-12-04T18:40:44Z", - "sha256": "c584e8adb091328b55be705c1069bb1aebe72685e9413c8ccb801d125894e57f", - "source": "ossf-package-analysis", "versions": [ "1.0.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "e07ec87bf0a5899c4f97a1c0fcd453df1c220cea6a7a6944d6316f40f9def44c", + "import_time": "2024-12-20T00:32:39.393817108Z", + "id": "GHSA-5q62-hw28-9pvg", + "modified_time": "2024-12-19T10:52:28Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/cdp-wallet-manager/MAL-0000-ghsa-malware-06a2e526944349b6.json b/osv/malicious/npm/cdp-wallet-manager/MAL-2024-11949.json similarity index 63% rename from osv/malicious/npm/cdp-wallet-manager/MAL-0000-ghsa-malware-06a2e526944349b6.json rename to osv/malicious/npm/cdp-wallet-manager/MAL-2024-11949.json index 4bf68ec7b..dc9c3604a 100644 --- a/osv/malicious/npm/cdp-wallet-manager/MAL-0000-ghsa-malware-06a2e526944349b6.json +++ b/osv/malicious/npm/cdp-wallet-manager/MAL-2024-11949.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:52:28Z", "published": "2024-12-19T10:52:27Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11949", "aliases": [ "GHSA-rmmm-68c9-6x9w" ], - "summary": "Malware in cdp-wallet-manager", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in cdp-wallet-manager (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (06a2e526944349b6f95ab9040fbfdab31744714123a43d7b0de6b223d1f5fe84)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-rmmm-68c9-6x9w" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "06a2e526944349b6f95ab9040fbfdab31744714123a43d7b0de6b223d1f5fe84", - "import_time": "2024-12-20T00:32:39.508676454Z", "id": "GHSA-rmmm-68c9-6x9w", + "import_time": "2024-12-20T00:32:39.508676454Z", "modified_time": "2024-12-19T10:52:28Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "06a2e526944349b6f95ab9040fbfdab31744714123a43d7b0de6b223d1f5fe84", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/client-admin/MAL-0000-ghsa-malware-9ec1b71ead6207ef.json b/osv/malicious/npm/client-admin/MAL-2024-11950.json similarity index 63% rename from osv/malicious/npm/client-admin/MAL-0000-ghsa-malware-9ec1b71ead6207ef.json rename to osv/malicious/npm/client-admin/MAL-2024-11950.json index b7f828655..2e1e779b9 100644 --- a/osv/malicious/npm/client-admin/MAL-0000-ghsa-malware-9ec1b71ead6207ef.json +++ b/osv/malicious/npm/client-admin/MAL-2024-11950.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:12Z", "published": "2024-12-19T10:56:02Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11950", "aliases": [ "GHSA-rmg4-7869-233j" ], - "summary": "Malware in client-admin", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in client-admin (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (9ec1b71ead6207ef37019d932ed7a23602447e0f32d5160121f97bc25284ebaa)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-rmg4-7869-233j" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "9ec1b71ead6207ef37019d932ed7a23602447e0f32d5160121f97bc25284ebaa", - "import_time": "2024-12-20T00:32:39.507957056Z", "id": "GHSA-rmg4-7869-233j", + "import_time": "2024-12-20T00:32:39.507957056Z", "modified_time": "2024-12-19T10:56:12Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "9ec1b71ead6207ef37019d932ed7a23602447e0f32d5160121f97bc25284ebaa", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/client-analysis/MAL-0000-ghsa-malware-b972deca5352be5f.json b/osv/malicious/npm/client-analysis/MAL-2024-11951.json similarity index 63% rename from osv/malicious/npm/client-analysis/MAL-0000-ghsa-malware-b972deca5352be5f.json rename to osv/malicious/npm/client-analysis/MAL-2024-11951.json index 9c84a8e44..2417b8f3a 100644 --- a/osv/malicious/npm/client-analysis/MAL-0000-ghsa-malware-b972deca5352be5f.json +++ b/osv/malicious/npm/client-analysis/MAL-2024-11951.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:03Z", "published": "2024-12-19T10:56:02Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11951", "aliases": [ "GHSA-p23q-qv68-35jp" ], - "summary": "Malware in client-analysis", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in client-analysis (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (b972deca5352be5ff4ad1c1ca8d1b1da5c8f7f124ff1202510ecc3136ab617b5)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-p23q-qv68-35jp" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "b972deca5352be5ff4ad1c1ca8d1b1da5c8f7f124ff1202510ecc3136ab617b5", - "import_time": "2024-12-20T00:32:39.482791733Z", "id": "GHSA-p23q-qv68-35jp", + "import_time": "2024-12-20T00:32:39.482791733Z", "modified_time": "2024-12-19T10:56:03Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "b972deca5352be5ff4ad1c1ca8d1b1da5c8f7f124ff1202510ecc3136ab617b5", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/client-cloud-phone/MAL-0000-ghsa-malware-3f1ae3b18921b79d.json b/osv/malicious/npm/client-cloud-phone/MAL-2024-11952.json similarity index 63% rename from osv/malicious/npm/client-cloud-phone/MAL-0000-ghsa-malware-3f1ae3b18921b79d.json rename to osv/malicious/npm/client-cloud-phone/MAL-2024-11952.json index d82957fd1..911445b46 100644 --- a/osv/malicious/npm/client-cloud-phone/MAL-0000-ghsa-malware-3f1ae3b18921b79d.json +++ b/osv/malicious/npm/client-cloud-phone/MAL-2024-11952.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:03Z", "published": "2024-12-19T10:56:02Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11952", "aliases": [ "GHSA-43jj-75m4-4f3c" ], - "summary": "Malware in client-cloud-phone", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in client-cloud-phone (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (3f1ae3b18921b79d7beb07afcdddc3fbc53fecdee3c647fcabe847b93220d0d5)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-43jj-75m4-4f3c" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "3f1ae3b18921b79d7beb07afcdddc3fbc53fecdee3c647fcabe847b93220d0d5", - "import_time": "2024-12-20T00:32:39.37865743Z", "id": "GHSA-43jj-75m4-4f3c", + "import_time": "2024-12-20T00:32:39.37865743Z", "modified_time": "2024-12-19T10:56:03Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "3f1ae3b18921b79d7beb07afcdddc3fbc53fecdee3c647fcabe847b93220d0d5", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/client-consent/MAL-0000-ghsa-malware-36ebc6cac6d30201.json b/osv/malicious/npm/client-consent/MAL-2024-11953.json similarity index 63% rename from osv/malicious/npm/client-consent/MAL-0000-ghsa-malware-36ebc6cac6d30201.json rename to osv/malicious/npm/client-consent/MAL-2024-11953.json index 0c5010acb..24b625396 100644 --- a/osv/malicious/npm/client-consent/MAL-0000-ghsa-malware-36ebc6cac6d30201.json +++ b/osv/malicious/npm/client-consent/MAL-2024-11953.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:03Z", "published": "2024-12-19T10:56:02Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11953", "aliases": [ "GHSA-9fvv-fqrm-5r9g" ], - "summary": "Malware in client-consent", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in client-consent (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (36ebc6cac6d302018d141c45adee10302556bd3da3491d12734412f967aea772)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-9fvv-fqrm-5r9g" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "36ebc6cac6d302018d141c45adee10302556bd3da3491d12734412f967aea772", - "import_time": "2024-12-20T00:32:39.423546543Z", "id": "GHSA-9fvv-fqrm-5r9g", + "import_time": "2024-12-20T00:32:39.423546543Z", "modified_time": "2024-12-19T10:56:03Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "36ebc6cac6d302018d141c45adee10302556bd3da3491d12734412f967aea772", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/client-data/MAL-0000-ghsa-malware-1b9f11a230f7ff6a.json b/osv/malicious/npm/client-data/MAL-2024-11954.json similarity index 63% rename from osv/malicious/npm/client-data/MAL-0000-ghsa-malware-1b9f11a230f7ff6a.json rename to osv/malicious/npm/client-data/MAL-2024-11954.json index d1c042a9b..925eb30cf 100644 --- a/osv/malicious/npm/client-data/MAL-0000-ghsa-malware-1b9f11a230f7ff6a.json +++ b/osv/malicious/npm/client-data/MAL-2024-11954.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:12Z", "published": "2024-12-19T10:56:02Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11954", "aliases": [ "GHSA-82qp-558q-x842" ], - "summary": "Malware in client-data", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in client-data (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (1b9f11a230f7ff6aa85aa65ed5160eb5e4ebf5dea53582c1feb521964a5472a6)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-82qp-558q-x842" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "1b9f11a230f7ff6aa85aa65ed5160eb5e4ebf5dea53582c1feb521964a5472a6", - "import_time": "2024-12-20T00:32:39.409140686Z", "id": "GHSA-82qp-558q-x842", + "import_time": "2024-12-20T00:32:39.409140686Z", "modified_time": "2024-12-19T10:56:12Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "1b9f11a230f7ff6aa85aa65ed5160eb5e4ebf5dea53582c1feb521964a5472a6", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/client-mpa/MAL-0000-ghsa-malware-104583f4b439c932.json b/osv/malicious/npm/client-mpa/MAL-2024-11955.json similarity index 63% rename from osv/malicious/npm/client-mpa/MAL-0000-ghsa-malware-104583f4b439c932.json rename to osv/malicious/npm/client-mpa/MAL-2024-11955.json index 413e4e0b7..615a895ff 100644 --- a/osv/malicious/npm/client-mpa/MAL-0000-ghsa-malware-104583f4b439c932.json +++ b/osv/malicious/npm/client-mpa/MAL-2024-11955.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:03Z", "published": "2024-12-19T10:56:02Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11955", "aliases": [ "GHSA-q726-qw4c-j38q" ], - "summary": "Malware in client-mpa", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in client-mpa (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (104583f4b439c932e7387c37cb7abdc91c85df2d7b7825c23a2e354f348e1932)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-q726-qw4c-j38q" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "104583f4b439c932e7387c37cb7abdc91c85df2d7b7825c23a2e354f348e1932", - "import_time": "2024-12-20T00:32:39.494787276Z", "id": "GHSA-q726-qw4c-j38q", + "import_time": "2024-12-20T00:32:39.494787276Z", "modified_time": "2024-12-19T10:56:03Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "104583f4b439c932e7387c37cb7abdc91c85df2d7b7825c23a2e354f348e1932", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/codeql-extractor-iac-action/MAL-0000-ghsa-malware-a3f77f847f2c7d09.json b/osv/malicious/npm/codeql-extractor-iac-action/MAL-0000-ghsa-malware-a3f77f847f2c7d09.json deleted file mode 100644 index 6dfdad007..000000000 --- a/osv/malicious/npm/codeql-extractor-iac-action/MAL-0000-ghsa-malware-a3f77f847f2c7d09.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:02:23Z", - "published": "2024-12-19T11:02:23Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-5499-2jf5-c52p" - ], - "summary": "Malware in codeql-extractor-iac-action", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "codeql-extractor-iac-action" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-5499-2jf5-c52p" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-5499-2jf5-c52p" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "a3f77f847f2c7d09571ef2516734c1d483d434e0980f32c21967900b8d28dd4c", - "import_time": "2024-12-20T00:32:39.389524721Z", - "id": "GHSA-5499-2jf5-c52p", - "modified_time": "2024-12-19T11:02:23Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/codeql-extractor-iac-action/MAL-2024-10883.json b/osv/malicious/npm/codeql-extractor-iac-action/MAL-2024-10883.json index 47b533551..be11ae8fb 100644 --- a/osv/malicious/npm/codeql-extractor-iac-action/MAL-2024-10883.json +++ b/osv/malicious/npm/codeql-extractor-iac-action/MAL-2024-10883.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-23T00:37:12Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-11-23T00:37:12Z", "schema_version": "1.5.0", "id": "MAL-2024-10883", + "aliases": [ + "GHSA-5499-2jf5-c52p" + ], "summary": "Malicious code in codeql-extractor-iac-action (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (04b6d15db941f1d01e071a3963afdf3c69fd65a8915f7c611d7fbbb40fab2d00)\nThe OpenSSF Package Analysis project identified 'codeql-extractor-iac-action' @ 6.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (a3f77f847f2c7d09571ef2516734c1d483d434e0980f32c21967900b8d28dd4c)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (04b6d15db941f1d01e071a3963afdf3c69fd65a8915f7c611d7fbbb40fab2d00)\nThe OpenSSF Package Analysis project identified 'codeql-extractor-iac-action' @ 6.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "codeql-extractor-iac-action" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "6.0.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-5499-2jf5-c52p" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "04b6d15db941f1d01e071a3963afdf3c69fd65a8915f7c611d7fbbb40fab2d00", "import_time": "2024-11-23T00:49:14.461962092Z", "modified_time": "2024-11-23T00:37:12Z", - "sha256": "04b6d15db941f1d01e071a3963afdf3c69fd65a8915f7c611d7fbbb40fab2d00", - "source": "ossf-package-analysis", "versions": [ "6.0.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "a3f77f847f2c7d09571ef2516734c1d483d434e0980f32c21967900b8d28dd4c", + "import_time": "2024-12-20T00:32:39.389524721Z", + "id": "GHSA-5499-2jf5-c52p", + "modified_time": "2024-12-19T11:02:23Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/codeql-sarif-security-standard-annotator/MAL-0000-ghsa-malware-daf28531c7b9ae5e.json b/osv/malicious/npm/codeql-sarif-security-standard-annotator/MAL-0000-ghsa-malware-daf28531c7b9ae5e.json deleted file mode 100644 index bf2257d93..000000000 --- a/osv/malicious/npm/codeql-sarif-security-standard-annotator/MAL-0000-ghsa-malware-daf28531c7b9ae5e.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:02:23Z", - "published": "2024-12-19T11:02:23Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-p7c5-c7xw-6272" - ], - "summary": "Malware in codeql-sarif-security-standard-annotator", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "codeql-sarif-security-standard-annotator" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-p7c5-c7xw-6272" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-p7c5-c7xw-6272" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "daf28531c7b9ae5e115da81a3041d6e35bed2b6764cfabb14fdd1b11ff50a6fb", - "import_time": "2024-12-20T00:32:39.484468062Z", - "id": "GHSA-p7c5-c7xw-6272", - "modified_time": "2024-12-19T11:02:23Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/codeql-sarif-security-standard-annotator/MAL-2024-10882.json b/osv/malicious/npm/codeql-sarif-security-standard-annotator/MAL-2024-10882.json index 4f13fc325..a984fedfa 100644 --- a/osv/malicious/npm/codeql-sarif-security-standard-annotator/MAL-2024-10882.json +++ b/osv/malicious/npm/codeql-sarif-security-standard-annotator/MAL-2024-10882.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-22T23:43:18Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-11-22T23:43:18Z", "schema_version": "1.5.0", "id": "MAL-2024-10882", + "aliases": [ + "GHSA-p7c5-c7xw-6272" + ], "summary": "Malicious code in codeql-sarif-security-standard-annotator (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (81f0076033d29c2e9abffb4d86808030d872497b5c7787cb30218afeb0451384)\nThe OpenSSF Package Analysis project identified 'codeql-sarif-security-standard-annotator' @ 0.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (daf28531c7b9ae5e115da81a3041d6e35bed2b6764cfabb14fdd1b11ff50a6fb)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (81f0076033d29c2e9abffb4d86808030d872497b5c7787cb30218afeb0451384)\nThe OpenSSF Package Analysis project identified 'codeql-sarif-security-standard-annotator' @ 0.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "codeql-sarif-security-standard-annotator" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "0.0.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-p7c5-c7xw-6272" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "81f0076033d29c2e9abffb4d86808030d872497b5c7787cb30218afeb0451384", "import_time": "2024-11-23T00:21:35.955893284Z", "modified_time": "2024-11-22T23:43:18Z", - "sha256": "81f0076033d29c2e9abffb4d86808030d872497b5c7787cb30218afeb0451384", - "source": "ossf-package-analysis", "versions": [ "0.0.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "daf28531c7b9ae5e115da81a3041d6e35bed2b6764cfabb14fdd1b11ff50a6fb", + "import_time": "2024-12-20T00:32:39.484468062Z", + "id": "GHSA-p7c5-c7xw-6272", + "modified_time": "2024-12-19T11:02:23Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/cokie-secret/MAL-0000-ghsa-malware-4bf6e44e11cb2ca8.json b/osv/malicious/npm/cokie-secret/MAL-2024-11956.json similarity index 63% rename from osv/malicious/npm/cokie-secret/MAL-0000-ghsa-malware-4bf6e44e11cb2ca8.json rename to osv/malicious/npm/cokie-secret/MAL-2024-11956.json index 2cccbe5ab..a1595f073 100644 --- a/osv/malicious/npm/cokie-secret/MAL-0000-ghsa-malware-4bf6e44e11cb2ca8.json +++ b/osv/malicious/npm/cokie-secret/MAL-2024-11956.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:53:07Z", "published": "2024-12-19T12:53:07Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11956", "aliases": [ "GHSA-vh3v-7qch-944g" ], - "summary": "Malware in cokie-secret", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in cokie-secret (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (4bf6e44e11cb2ca8f7463f86029c79bfca1f5b6f1e333073ef26716d12f86a3c)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-vh3v-7qch-944g" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "4bf6e44e11cb2ca8f7463f86029c79bfca1f5b6f1e333073ef26716d12f86a3c", - "import_time": "2024-12-20T00:32:39.513759903Z", "id": "GHSA-vh3v-7qch-944g", + "import_time": "2024-12-20T00:32:39.513759903Z", "modified_time": "2024-12-19T12:53:07Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "4bf6e44e11cb2ca8f7463f86029c79bfca1f5b6f1e333073ef26716d12f86a3c", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/coldbox/MAL-0000-ghsa-malware-8841e2d0dbc754df.json b/osv/malicious/npm/coldbox/MAL-0000-ghsa-malware-8841e2d0dbc754df.json deleted file mode 100644 index 5fc4233e8..000000000 --- a/osv/malicious/npm/coldbox/MAL-0000-ghsa-malware-8841e2d0dbc754df.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:02:58Z", - "published": "2024-12-19T11:02:57Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-fj9m-8vvp-m836" - ], - "summary": "Malware in coldbox", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "coldbox" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-fj9m-8vvp-m836" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-fj9m-8vvp-m836" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "8841e2d0dbc754df7eb19a7b42426c538506e0fc7412d08422bbd8f2cf983d73", - "import_time": "2024-12-20T00:32:39.444916418Z", - "id": "GHSA-fj9m-8vvp-m836", - "modified_time": "2024-12-19T11:02:58Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/coldbox/MAL-2024-11201.json b/osv/malicious/npm/coldbox/MAL-2024-11201.json index a5ffc2c38..b18a34914 100644 --- a/osv/malicious/npm/coldbox/MAL-2024-11201.json +++ b/osv/malicious/npm/coldbox/MAL-2024-11201.json @@ -1,20 +1,48 @@ { - "modified": "2024-12-05T05:06:49Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-05T04:54:20Z", "schema_version": "1.5.0", "id": "MAL-2024-11201", + "aliases": [ + "GHSA-fj9m-8vvp-m836" + ], "summary": "Malicious code in coldbox (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (474827e0a2ee549ea70805bdd2b975ffeebe3e2eeecddd9459edfb56f1fa3683)\nThe OpenSSF Package Analysis project identified 'coldbox' @ 6.7.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (8841e2d0dbc754df7eb19a7b42426c538506e0fc7412d08422bbd8f2cf983d73)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (474827e0a2ee549ea70805bdd2b975ffeebe3e2eeecddd9459edfb56f1fa3683)\nThe OpenSSF Package Analysis project identified 'coldbox' @ 6.7.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "coldbox" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "6.7.4", "6.7.6" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-fj9m-8vvp-m836" } ], "credits": [ @@ -30,22 +58,39 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "474827e0a2ee549ea70805bdd2b975ffeebe3e2eeecddd9459edfb56f1fa3683", "import_time": "2024-12-05T05:06:17.546039373Z", "modified_time": "2024-12-05T04:54:20Z", - "sha256": "474827e0a2ee549ea70805bdd2b975ffeebe3e2eeecddd9459edfb56f1fa3683", - "source": "ossf-package-analysis", "versions": [ "6.7.4" ] }, { + "source": "ossf-package-analysis", + "sha256": "7d20e430932ac6587d83688d29363b8e4ddc6f3aaf884b75e4475bd7a52eecaa", "import_time": "2024-12-05T05:06:17.672713717Z", "modified_time": "2024-12-05T05:00:03Z", - "sha256": "7d20e430932ac6587d83688d29363b8e4ddc6f3aaf884b75e4475bd7a52eecaa", - "source": "ossf-package-analysis", "versions": [ "6.7.6" ] + }, + { + "source": "ghsa-malware", + "sha256": "8841e2d0dbc754df7eb19a7b42426c538506e0fc7412d08422bbd8f2cf983d73", + "import_time": "2024-12-20T00:32:39.444916418Z", + "id": "GHSA-fj9m-8vvp-m836", + "modified_time": "2024-12-19T11:02:58Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/com.bovinelabs.analyzers/MAL-0000-ghsa-malware-5dc2ba08a52d30a7.json b/osv/malicious/npm/com.bovinelabs.analyzers/MAL-0000-ghsa-malware-5dc2ba08a52d30a7.json deleted file mode 100644 index ab00f5b49..000000000 --- a/osv/malicious/npm/com.bovinelabs.analyzers/MAL-0000-ghsa-malware-5dc2ba08a52d30a7.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:03:48Z", - "published": "2024-12-19T11:03:48Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-xcqx-rpfj-8q55" - ], - "summary": "Malware in com.bovinelabs.analyzers", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "com.bovinelabs.analyzers" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-xcqx-rpfj-8q55" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-xcqx-rpfj-8q55" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "5dc2ba08a52d30a711e8297ca2702ffd73f503608a85ae5d88e47aa32c7c5c73", - "import_time": "2024-12-20T00:32:39.532849771Z", - "id": "GHSA-xcqx-rpfj-8q55", - "modified_time": "2024-12-19T11:03:48Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/com.bovinelabs.analyzers/MAL-2024-11185.json b/osv/malicious/npm/com.bovinelabs.analyzers/MAL-2024-11185.json index 6bcb6aeaf..07907cb1e 100644 --- a/osv/malicious/npm/com.bovinelabs.analyzers/MAL-2024-11185.json +++ b/osv/malicious/npm/com.bovinelabs.analyzers/MAL-2024-11185.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-04T16:30:55Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-04T16:30:55Z", "schema_version": "1.5.0", "id": "MAL-2024-11185", + "aliases": [ + "GHSA-xcqx-rpfj-8q55" + ], "summary": "Malicious code in com.bovinelabs.analyzers (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (d1447b556b762fe6f393c9102829e8865cb9164c4a6a908bc2dd7a651a595a3d)\nThe OpenSSF Package Analysis project identified 'com.bovinelabs.analyzers' @ 9.9.11 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (5dc2ba08a52d30a711e8297ca2702ffd73f503608a85ae5d88e47aa32c7c5c73)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (d1447b556b762fe6f393c9102829e8865cb9164c4a6a908bc2dd7a651a595a3d)\nThe OpenSSF Package Analysis project identified 'com.bovinelabs.analyzers' @ 9.9.11 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "com.bovinelabs.analyzers" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "9.9.11" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-xcqx-rpfj-8q55" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "d1447b556b762fe6f393c9102829e8865cb9164c4a6a908bc2dd7a651a595a3d", "import_time": "2024-12-04T16:40:12.962848482Z", "modified_time": "2024-12-04T16:30:55Z", - "sha256": "d1447b556b762fe6f393c9102829e8865cb9164c4a6a908bc2dd7a651a595a3d", - "source": "ossf-package-analysis", "versions": [ "9.9.11" ] + }, + { + "source": "ghsa-malware", + "sha256": "5dc2ba08a52d30a711e8297ca2702ffd73f503608a85ae5d88e47aa32c7c5c73", + "import_time": "2024-12-20T00:32:39.532849771Z", + "id": "GHSA-xcqx-rpfj-8q55", + "modified_time": "2024-12-19T11:03:48Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/com.unity.collections/MAL-0000-ghsa-malware-261ab2743232ff1e.json b/osv/malicious/npm/com.unity.collections/MAL-0000-ghsa-malware-261ab2743232ff1e.json deleted file mode 100644 index 07e047307..000000000 --- a/osv/malicious/npm/com.unity.collections/MAL-0000-ghsa-malware-261ab2743232ff1e.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:19:40Z", - "published": "2024-12-19T11:19:34Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-523c-w7gh-pjhv" - ], - "summary": "Malware in com.unity.collections", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "com.unity.collections" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-523c-w7gh-pjhv" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-523c-w7gh-pjhv" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "261ab2743232ff1e6c05ececf67a115acadf196fe4994bda33c1da81b933ac67", - "import_time": "2024-12-20T00:32:39.38694437Z", - "id": "GHSA-523c-w7gh-pjhv", - "modified_time": "2024-12-19T11:19:40Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/com.unity.collections/MAL-2024-11767.json b/osv/malicious/npm/com.unity.collections/MAL-2024-11767.json index 3a82088f9..e5d9acc0b 100644 --- a/osv/malicious/npm/com.unity.collections/MAL-2024-11767.json +++ b/osv/malicious/npm/com.unity.collections/MAL-2024-11767.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-09T08:52:06Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-09T08:52:06Z", "schema_version": "1.5.0", "id": "MAL-2024-11767", + "aliases": [ + "GHSA-523c-w7gh-pjhv" + ], "summary": "Malicious code in com.unity.collections (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (c9f852a0b7e84e2bfe1bb28bba8bfaec23f68b900368d2288678c14179bf414e)\nThe OpenSSF Package Analysis project identified 'com.unity.collections' @ 6.3.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (261ab2743232ff1e6c05ececf67a115acadf196fe4994bda33c1da81b933ac67)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (c9f852a0b7e84e2bfe1bb28bba8bfaec23f68b900368d2288678c14179bf414e)\nThe OpenSSF Package Analysis project identified 'com.unity.collections' @ 6.3.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "com.unity.collections" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "6.3.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-523c-w7gh-pjhv" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "c9f852a0b7e84e2bfe1bb28bba8bfaec23f68b900368d2288678c14179bf414e", "import_time": "2024-12-11T00:49:35.830742603Z", "modified_time": "2024-12-09T08:52:06Z", - "sha256": "c9f852a0b7e84e2bfe1bb28bba8bfaec23f68b900368d2288678c14179bf414e", - "source": "ossf-package-analysis", "versions": [ "6.3.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "261ab2743232ff1e6c05ececf67a115acadf196fe4994bda33c1da81b933ac67", + "import_time": "2024-12-20T00:32:39.38694437Z", + "id": "GHSA-523c-w7gh-pjhv", + "modified_time": "2024-12-19T11:19:40Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/com.unity.entities/MAL-0000-ghsa-malware-704bb1e215446716.json b/osv/malicious/npm/com.unity.entities/MAL-0000-ghsa-malware-704bb1e215446716.json deleted file mode 100644 index 09c78ee07..000000000 --- a/osv/malicious/npm/com.unity.entities/MAL-0000-ghsa-malware-704bb1e215446716.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:21:55Z", - "published": "2024-12-19T11:21:55Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-grqv-r28w-8jgv" - ], - "summary": "Malware in com.unity.entities", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "com.unity.entities" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-grqv-r28w-8jgv" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-grqv-r28w-8jgv" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "704bb1e215446716b288a6ff073ec571aaa17118a226fc27d65925981a74b53b", - "import_time": "2024-12-20T00:32:39.457668882Z", - "id": "GHSA-grqv-r28w-8jgv", - "modified_time": "2024-12-19T11:21:55Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/com.unity.entities/MAL-2024-11768.json b/osv/malicious/npm/com.unity.entities/MAL-2024-11768.json index 88b2b2c1c..b1f9d499b 100644 --- a/osv/malicious/npm/com.unity.entities/MAL-2024-11768.json +++ b/osv/malicious/npm/com.unity.entities/MAL-2024-11768.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-09T09:16:29Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-09T09:16:29Z", "schema_version": "1.5.0", "id": "MAL-2024-11768", + "aliases": [ + "GHSA-grqv-r28w-8jgv" + ], "summary": "Malicious code in com.unity.entities (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (a62f5e52dedb5ed49d67c9238b8c1fcd2430d5c17648b6b817c66ec063f9e604)\nThe OpenSSF Package Analysis project identified 'com.unity.entities' @ 7.1.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (704bb1e215446716b288a6ff073ec571aaa17118a226fc27d65925981a74b53b)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (a62f5e52dedb5ed49d67c9238b8c1fcd2430d5c17648b6b817c66ec063f9e604)\nThe OpenSSF Package Analysis project identified 'com.unity.entities' @ 7.1.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "com.unity.entities" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "7.1.2" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-grqv-r28w-8jgv" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "a62f5e52dedb5ed49d67c9238b8c1fcd2430d5c17648b6b817c66ec063f9e604", "import_time": "2024-12-11T00:49:35.96249095Z", "modified_time": "2024-12-09T09:16:29Z", - "sha256": "a62f5e52dedb5ed49d67c9238b8c1fcd2430d5c17648b6b817c66ec063f9e604", - "source": "ossf-package-analysis", "versions": [ "7.1.2" ] + }, + { + "source": "ghsa-malware", + "sha256": "704bb1e215446716b288a6ff073ec571aaa17118a226fc27d65925981a74b53b", + "import_time": "2024-12-20T00:32:39.457668882Z", + "id": "GHSA-grqv-r28w-8jgv", + "modified_time": "2024-12-19T11:21:55Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/component-detection-action/MAL-0000-ghsa-malware-612def523e2e2b3c.json b/osv/malicious/npm/component-detection-action/MAL-2024-11957.json similarity index 63% rename from osv/malicious/npm/component-detection-action/MAL-0000-ghsa-malware-612def523e2e2b3c.json rename to osv/malicious/npm/component-detection-action/MAL-2024-11957.json index b22eac768..c228bfa81 100644 --- a/osv/malicious/npm/component-detection-action/MAL-0000-ghsa-malware-612def523e2e2b3c.json +++ b/osv/malicious/npm/component-detection-action/MAL-2024-11957.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:02:23Z", "published": "2024-12-19T11:02:23Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11957", "aliases": [ "GHSA-8f5j-h48q-mrg4" ], - "summary": "Malware in component-detection-action", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in component-detection-action (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (612def523e2e2b3cd483831188b3e68f79f2575bc19954cc24088532608f7798)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-8f5j-h48q-mrg4" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "612def523e2e2b3cd483831188b3e68f79f2575bc19954cc24088532608f7798", - "import_time": "2024-12-20T00:32:39.414503193Z", "id": "GHSA-8f5j-h48q-mrg4", + "import_time": "2024-12-20T00:32:39.414503193Z", "modified_time": "2024-12-19T11:02:23Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "612def523e2e2b3cd483831188b3e68f79f2575bc19954cc24088532608f7798", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/confidential-package-nam/MAL-0000-ghsa-malware-d1ca97a7c95d3a7f.json b/osv/malicious/npm/confidential-package-nam/MAL-2024-11958.json similarity index 63% rename from osv/malicious/npm/confidential-package-nam/MAL-0000-ghsa-malware-d1ca97a7c95d3a7f.json rename to osv/malicious/npm/confidential-package-nam/MAL-2024-11958.json index a7ed78550..5724036cf 100644 --- a/osv/malicious/npm/confidential-package-nam/MAL-0000-ghsa-malware-d1ca97a7c95d3a7f.json +++ b/osv/malicious/npm/confidential-package-nam/MAL-2024-11958.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:05:54Z", "published": "2024-12-19T11:05:53Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11958", "aliases": [ "GHSA-2gxw-f6rq-5pv8" ], - "summary": "Malware in confidential-package-nam", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in confidential-package-nam (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d1ca97a7c95d3a7f0bc8302fdfa94f96077f03fa620c53c49791fa260617d310)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-2gxw-f6rq-5pv8" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d1ca97a7c95d3a7f0bc8302fdfa94f96077f03fa620c53c49791fa260617d310", - "import_time": "2024-12-20T00:32:39.364090335Z", "id": "GHSA-2gxw-f6rq-5pv8", + "import_time": "2024-12-20T00:32:39.364090335Z", "modified_time": "2024-12-19T11:05:54Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d1ca97a7c95d3a7f0bc8302fdfa94f96077f03fa620c53c49791fa260617d310", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/configure-pages/MAL-0000-ghsa-malware-79cd1afeb9acab2c.json b/osv/malicious/npm/configure-pages/MAL-2024-11959.json similarity index 63% rename from osv/malicious/npm/configure-pages/MAL-0000-ghsa-malware-79cd1afeb9acab2c.json rename to osv/malicious/npm/configure-pages/MAL-2024-11959.json index 9a8edb56c..88aac75bb 100644 --- a/osv/malicious/npm/configure-pages/MAL-0000-ghsa-malware-79cd1afeb9acab2c.json +++ b/osv/malicious/npm/configure-pages/MAL-2024-11959.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:55:13Z", "published": "2024-12-19T09:55:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11959", "aliases": [ "GHSA-77m5-gw6h-2mx9" ], - "summary": "Malware in configure-pages", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in configure-pages (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (79cd1afeb9acab2c5d187d719ceadc3a57f71df17a7d824796c4d9fbcb61081b)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-77m5-gw6h-2mx9" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "79cd1afeb9acab2c5d187d719ceadc3a57f71df17a7d824796c4d9fbcb61081b", - "import_time": "2024-12-20T00:32:39.40570736Z", "id": "GHSA-77m5-gw6h-2mx9", + "import_time": "2024-12-20T00:32:39.40570736Z", "modified_time": "2024-12-19T09:55:13Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "79cd1afeb9acab2c5d187d719ceadc3a57f71df17a7d824796c4d9fbcb61081b", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/container-toolkit-template/MAL-0000-ghsa-malware-495f1eeee43fdcdf.json b/osv/malicious/npm/container-toolkit-template/MAL-2024-11960.json similarity index 63% rename from osv/malicious/npm/container-toolkit-template/MAL-0000-ghsa-malware-495f1eeee43fdcdf.json rename to osv/malicious/npm/container-toolkit-template/MAL-2024-11960.json index 5d9d9e2a9..41b426d0e 100644 --- a/osv/malicious/npm/container-toolkit-template/MAL-0000-ghsa-malware-495f1eeee43fdcdf.json +++ b/osv/malicious/npm/container-toolkit-template/MAL-2024-11960.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:55:09Z", "published": "2024-12-19T09:55:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11960", "aliases": [ "GHSA-8p74-2cc2-vgxm" ], - "summary": "Malware in container-toolkit-template", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in container-toolkit-template (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (495f1eeee43fdcdf2a5b5468befc8209a0d5d55f315464d80a9ae3d926a34da7)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-8p74-2cc2-vgxm" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "495f1eeee43fdcdf2a5b5468befc8209a0d5d55f315464d80a9ae3d926a34da7", - "import_time": "2024-12-20T00:32:39.418748054Z", "id": "GHSA-8p74-2cc2-vgxm", + "import_time": "2024-12-20T00:32:39.418748054Z", "modified_time": "2024-12-19T09:55:09Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "495f1eeee43fdcdf2a5b5468befc8209a0d5d55f315464d80a9ae3d926a34da7", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/core-builder/MAL-0000-ghsa-malware-a3799466b97533aa.json b/osv/malicious/npm/core-builder/MAL-2024-11961.json similarity index 63% rename from osv/malicious/npm/core-builder/MAL-0000-ghsa-malware-a3799466b97533aa.json rename to osv/malicious/npm/core-builder/MAL-2024-11961.json index 0a21be1bc..4c06ab28d 100644 --- a/osv/malicious/npm/core-builder/MAL-0000-ghsa-malware-a3799466b97533aa.json +++ b/osv/malicious/npm/core-builder/MAL-2024-11961.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:42:06Z", "published": "2024-12-19T10:42:01Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11961", "aliases": [ "GHSA-h9v7-365x-mqh4" ], - "summary": "Malware in core-builder", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in core-builder (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (a3799466b97533aa31a0abe7ca229c41f551bbf8e1a3e264fb5af6b2bfe7078c)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-h9v7-365x-mqh4" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "a3799466b97533aa31a0abe7ca229c41f551bbf8e1a3e264fb5af6b2bfe7078c", - "import_time": "2024-12-20T00:32:39.46305305Z", "id": "GHSA-h9v7-365x-mqh4", + "import_time": "2024-12-20T00:32:39.46305305Z", "modified_time": "2024-12-19T10:42:06Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "a3799466b97533aa31a0abe7ca229c41f551bbf8e1a3e264fb5af6b2bfe7078c", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/csp-react/MAL-0000-ghsa-malware-07c56da928c82cee.json b/osv/malicious/npm/csp-react/MAL-2024-11962.json similarity index 63% rename from osv/malicious/npm/csp-react/MAL-0000-ghsa-malware-07c56da928c82cee.json rename to osv/malicious/npm/csp-react/MAL-2024-11962.json index afafc7cd5..4cc878a6c 100644 --- a/osv/malicious/npm/csp-react/MAL-0000-ghsa-malware-07c56da928c82cee.json +++ b/osv/malicious/npm/csp-react/MAL-2024-11962.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:07:23Z", "published": "2024-12-19T11:07:23Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11962", "aliases": [ "GHSA-2qrv-xpw9-hq99" ], - "summary": "Malware in csp-react", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in csp-react (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (07c56da928c82cee1c2a2332c92447b99ae4d8fa17441e9391ac05a4f38d3323)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-2qrv-xpw9-hq99" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "07c56da928c82cee1c2a2332c92447b99ae4d8fa17441e9391ac05a4f38d3323", - "import_time": "2024-12-20T00:32:39.365781803Z", "id": "GHSA-2qrv-xpw9-hq99", + "import_time": "2024-12-20T00:32:39.365781803Z", "modified_time": "2024-12-19T11:07:23Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "07c56da928c82cee1c2a2332c92447b99ae4d8fa17441e9391ac05a4f38d3323", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/deathball/MAL-0000-ghsa-malware-c700f66a895bc72b.json b/osv/malicious/npm/deathball/MAL-2024-11963.json similarity index 63% rename from osv/malicious/npm/deathball/MAL-0000-ghsa-malware-c700f66a895bc72b.json rename to osv/malicious/npm/deathball/MAL-2024-11963.json index 98554e7a9..7934c331d 100644 --- a/osv/malicious/npm/deathball/MAL-0000-ghsa-malware-c700f66a895bc72b.json +++ b/osv/malicious/npm/deathball/MAL-2024-11963.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:42:06Z", "published": "2024-12-19T10:42:01Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11963", "aliases": [ "GHSA-4mhr-q4j5-2x2f" ], - "summary": "Malware in deathball", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in deathball (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (c700f66a895bc72be5f345b586961fde0348594f4113f1ee079c3b67fe203f35)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-4mhr-q4j5-2x2f" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "c700f66a895bc72be5f345b586961fde0348594f4113f1ee079c3b67fe203f35", - "import_time": "2024-12-20T00:32:39.382099014Z", "id": "GHSA-4mhr-q4j5-2x2f", + "import_time": "2024-12-20T00:32:39.382099014Z", "modified_time": "2024-12-19T10:42:06Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "c700f66a895bc72be5f345b586961fde0348594f4113f1ee079c3b67fe203f35", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/demo-resources/MAL-0000-ghsa-malware-73030295cfc2df37.json b/osv/malicious/npm/demo-resources/MAL-0000-ghsa-malware-73030295cfc2df37.json deleted file mode 100644 index b09ca4e11..000000000 --- a/osv/malicious/npm/demo-resources/MAL-0000-ghsa-malware-73030295cfc2df37.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:09:48Z", - "published": "2024-12-19T11:09:48Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-674x-7rpx-4495" - ], - "summary": "Malware in demo-resources", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "demo-resources" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-674x-7rpx-4495" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-674x-7rpx-4495" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "73030295cfc2df37061e6ab74ae2c0b2cea34184879e24b484012a578a9ed576", - "import_time": "2024-12-20T00:32:39.39701595Z", - "id": "GHSA-674x-7rpx-4495", - "modified_time": "2024-12-19T11:09:48Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/demo-resources/MAL-2024-11165.json b/osv/malicious/npm/demo-resources/MAL-2024-11165.json index 9ce1bcc5a..b83fbfeb4 100644 --- a/osv/malicious/npm/demo-resources/MAL-2024-11165.json +++ b/osv/malicious/npm/demo-resources/MAL-2024-11165.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T07:01:27Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-01T07:01:27Z", "schema_version": "1.5.0", "id": "MAL-2024-11165", + "aliases": [ + "GHSA-674x-7rpx-4495" + ], "summary": "Malicious code in demo-resources (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (84c6380812b08b984dae3a85a02ea3d088a7ed3febdbf972c544f3569e0d3cfc)\nThe OpenSSF Package Analysis project identified 'demo-resources' @ 5.5.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (73030295cfc2df37061e6ab74ae2c0b2cea34184879e24b484012a578a9ed576)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (84c6380812b08b984dae3a85a02ea3d088a7ed3febdbf972c544f3569e0d3cfc)\nThe OpenSSF Package Analysis project identified 'demo-resources' @ 5.5.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "demo-resources" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "5.5.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-674x-7rpx-4495" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "84c6380812b08b984dae3a85a02ea3d088a7ed3febdbf972c544f3569e0d3cfc", "import_time": "2024-12-02T11:05:09.011514156Z", "modified_time": "2024-12-01T07:01:27Z", - "sha256": "84c6380812b08b984dae3a85a02ea3d088a7ed3febdbf972c544f3569e0d3cfc", - "source": "ossf-package-analysis", "versions": [ "5.5.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "73030295cfc2df37061e6ab74ae2c0b2cea34184879e24b484012a578a9ed576", + "import_time": "2024-12-20T00:32:39.39701595Z", + "id": "GHSA-674x-7rpx-4495", + "modified_time": "2024-12-19T11:09:48Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/dep-confusion-tester/MAL-0000-ghsa-malware-a02b1736028edc55.json b/osv/malicious/npm/dep-confusion-tester/MAL-2024-11964.json similarity index 63% rename from osv/malicious/npm/dep-confusion-tester/MAL-0000-ghsa-malware-a02b1736028edc55.json rename to osv/malicious/npm/dep-confusion-tester/MAL-2024-11964.json index 443f8a404..4687af452 100644 --- a/osv/malicious/npm/dep-confusion-tester/MAL-0000-ghsa-malware-a02b1736028edc55.json +++ b/osv/malicious/npm/dep-confusion-tester/MAL-2024-11964.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:11:19Z", "published": "2024-12-19T11:11:18Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11964", "aliases": [ "GHSA-f4v3-45hm-xv93" ], - "summary": "Malware in dep-confusion-tester", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in dep-confusion-tester (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (a02b1736028edc558aec7dae01fc23a8b183b0eb84ec65f6d97cad92f85d2083)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-f4v3-45hm-xv93" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "a02b1736028edc558aec7dae01fc23a8b183b0eb84ec65f6d97cad92f85d2083", - "import_time": "2024-12-20T00:32:39.440206653Z", "id": "GHSA-f4v3-45hm-xv93", + "import_time": "2024-12-20T00:32:39.440206653Z", "modified_time": "2024-12-19T11:11:19Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "a02b1736028edc558aec7dae01fc23a8b183b0eb84ec65f6d97cad92f85d2083", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/dependency-review-action/MAL-0000-ghsa-malware-fb9bad81419f4cfa.json b/osv/malicious/npm/dependency-review-action/MAL-2024-11965.json similarity index 63% rename from osv/malicious/npm/dependency-review-action/MAL-0000-ghsa-malware-fb9bad81419f4cfa.json rename to osv/malicious/npm/dependency-review-action/MAL-2024-11965.json index 9ff29621a..52adb076e 100644 --- a/osv/malicious/npm/dependency-review-action/MAL-0000-ghsa-malware-fb9bad81419f4cfa.json +++ b/osv/malicious/npm/dependency-review-action/MAL-2024-11965.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:55:09Z", "published": "2024-12-19T09:55:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11965", "aliases": [ "GHSA-73hp-36r2-6m52" ], - "summary": "Malware in dependency-review-action", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in dependency-review-action (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (fb9bad81419f4cfa2078b1228e521070aa1d15f91e26a58d7ee754871cd614c2)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-73hp-36r2-6m52" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "fb9bad81419f4cfa2078b1228e521070aa1d15f91e26a58d7ee754871cd614c2", - "import_time": "2024-12-20T00:32:39.404080843Z", "id": "GHSA-73hp-36r2-6m52", + "import_time": "2024-12-20T00:32:39.404080843Z", "modified_time": "2024-12-19T09:55:09Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "fb9bad81419f4cfa2078b1228e521070aa1d15f91e26a58d7ee754871cd614c2", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/deploy-pages/MAL-0000-ghsa-malware-176f868a287ef5a5.json b/osv/malicious/npm/deploy-pages/MAL-2024-11966.json similarity index 63% rename from osv/malicious/npm/deploy-pages/MAL-0000-ghsa-malware-176f868a287ef5a5.json rename to osv/malicious/npm/deploy-pages/MAL-2024-11966.json index d927fb063..f817de5d3 100644 --- a/osv/malicious/npm/deploy-pages/MAL-0000-ghsa-malware-176f868a287ef5a5.json +++ b/osv/malicious/npm/deploy-pages/MAL-2024-11966.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:55:14Z", "published": "2024-12-19T09:55:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11966", "aliases": [ "GHSA-94fw-7xhp-8m2h" ], - "summary": "Malware in deploy-pages", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in deploy-pages (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (176f868a287ef5a5af82a0534c36ef855e91bf0a605106d0af59408ed0fba7e5)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-94fw-7xhp-8m2h" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "176f868a287ef5a5af82a0534c36ef855e91bf0a605106d0af59408ed0fba7e5", - "import_time": "2024-12-20T00:32:39.420611632Z", "id": "GHSA-94fw-7xhp-8m2h", + "import_time": "2024-12-20T00:32:39.420611632Z", "modified_time": "2024-12-19T09:55:14Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "176f868a287ef5a5af82a0534c36ef855e91bf0a605106d0af59408ed0fba7e5", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/detection-rules-explorer/MAL-0000-ghsa-malware-24b2dc0e1b956b76.json b/osv/malicious/npm/detection-rules-explorer/MAL-0000-ghsa-malware-24b2dc0e1b956b76.json deleted file mode 100644 index 34d3973ed..000000000 --- a/osv/malicious/npm/detection-rules-explorer/MAL-0000-ghsa-malware-24b2dc0e1b956b76.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:12:45Z", - "published": "2024-12-19T11:12:44Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-w8m2-j4hh-q879" - ], - "summary": "Malware in detection-rules-explorer", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "detection-rules-explorer" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-w8m2-j4hh-q879" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-w8m2-j4hh-q879" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "24b2dc0e1b956b76c550587e90653267b618f257e8f5243aa8df3c04b3002e89", - "import_time": "2024-12-20T00:32:39.520834938Z", - "id": "GHSA-w8m2-j4hh-q879", - "modified_time": "2024-12-19T11:12:45Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/detection-rules-explorer/MAL-2024-11759.json b/osv/malicious/npm/detection-rules-explorer/MAL-2024-11759.json index f02244ecb..bd89db1cc 100644 --- a/osv/malicious/npm/detection-rules-explorer/MAL-2024-11759.json +++ b/osv/malicious/npm/detection-rules-explorer/MAL-2024-11759.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-10T16:36:00Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-10T16:36:00Z", "schema_version": "1.5.0", "id": "MAL-2024-11759", + "aliases": [ + "GHSA-w8m2-j4hh-q879" + ], "summary": "Malicious code in detection-rules-explorer (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (fc15aa1d751234e5745e574c231b115651eabcabe57c388a812df37d7f96a877)\nThe OpenSSF Package Analysis project identified 'detection-rules-explorer' @ 100.3.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (24b2dc0e1b956b76c550587e90653267b618f257e8f5243aa8df3c04b3002e89)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (fc15aa1d751234e5745e574c231b115651eabcabe57c388a812df37d7f96a877)\nThe OpenSSF Package Analysis project identified 'detection-rules-explorer' @ 100.3.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "detection-rules-explorer" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "100.3.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-w8m2-j4hh-q879" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "fc15aa1d751234e5745e574c231b115651eabcabe57c388a812df37d7f96a877", "import_time": "2024-12-10T16:40:26.603042569Z", "modified_time": "2024-12-10T16:36:00Z", - "sha256": "fc15aa1d751234e5745e574c231b115651eabcabe57c388a812df37d7f96a877", - "source": "ossf-package-analysis", "versions": [ "100.3.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "24b2dc0e1b956b76c550587e90653267b618f257e8f5243aa8df3c04b3002e89", + "import_time": "2024-12-20T00:32:39.520834938Z", + "id": "GHSA-w8m2-j4hh-q879", + "modified_time": "2024-12-19T11:12:45Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/df-npm-placeholder/MAL-0000-ghsa-malware-8ca19a9fddea96b9.json b/osv/malicious/npm/df-npm-placeholder/MAL-2024-11967.json similarity index 63% rename from osv/malicious/npm/df-npm-placeholder/MAL-0000-ghsa-malware-8ca19a9fddea96b9.json rename to osv/malicious/npm/df-npm-placeholder/MAL-2024-11967.json index c0f885be7..63cbdf7b0 100644 --- a/osv/malicious/npm/df-npm-placeholder/MAL-0000-ghsa-malware-8ca19a9fddea96b9.json +++ b/osv/malicious/npm/df-npm-placeholder/MAL-2024-11967.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:02Z", "published": "2024-12-19T10:56:02Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11967", "aliases": [ "GHSA-49xw-gwr7-6r5r" ], - "summary": "Malware in df-npm-placeholder", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in df-npm-placeholder (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (8ca19a9fddea96b90fa1c519971de9c83dfbe33992a851aef82c1d5810f7b7dc)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-49xw-gwr7-6r5r" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "8ca19a9fddea96b90fa1c519971de9c83dfbe33992a851aef82c1d5810f7b7dc", - "import_time": "2024-12-20T00:32:39.380449344Z", "id": "GHSA-49xw-gwr7-6r5r", + "import_time": "2024-12-20T00:32:39.380449344Z", "modified_time": "2024-12-19T10:56:02Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "8ca19a9fddea96b90fa1c519971de9c83dfbe33992a851aef82c1d5810f7b7dc", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/dhp-http-lib/MAL-0000-ghsa-malware-4e3bd8d790ed5b42.json b/osv/malicious/npm/dhp-http-lib/MAL-2024-11968.json similarity index 63% rename from osv/malicious/npm/dhp-http-lib/MAL-0000-ghsa-malware-4e3bd8d790ed5b42.json rename to osv/malicious/npm/dhp-http-lib/MAL-2024-11968.json index 1dc3c9bf7..122419811 100644 --- a/osv/malicious/npm/dhp-http-lib/MAL-0000-ghsa-malware-4e3bd8d790ed5b42.json +++ b/osv/malicious/npm/dhp-http-lib/MAL-2024-11968.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:24:20Z", "published": "2024-12-19T11:24:20Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11968", "aliases": [ "GHSA-9qm6-4226-3rwx" ], - "summary": "Malware in dhp-http-lib", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in dhp-http-lib (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (4e3bd8d790ed5b426b7b312480732dc8343670572c60141f63f9a0d7df7b8efe)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-9qm6-4226-3rwx" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "4e3bd8d790ed5b426b7b312480732dc8343670572c60141f63f9a0d7df7b8efe", - "import_time": "2024-12-20T00:32:39.428737292Z", "id": "GHSA-9qm6-4226-3rwx", + "import_time": "2024-12-20T00:32:39.428737292Z", "modified_time": "2024-12-19T11:24:20Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "4e3bd8d790ed5b426b7b312480732dc8343670572c60141f63f9a0d7df7b8efe", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/dhp-logging-lib/MAL-0000-ghsa-malware-def2cfdcf7555dce.json b/osv/malicious/npm/dhp-logging-lib/MAL-0000-ghsa-malware-def2cfdcf7555dce.json deleted file mode 100644 index dd0d1a1fa..000000000 --- a/osv/malicious/npm/dhp-logging-lib/MAL-0000-ghsa-malware-def2cfdcf7555dce.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:31:11Z", - "published": "2024-12-19T11:31:11Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-gwp6-949q-v3r7" - ], - "summary": "Malware in dhp-logging-lib", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "dhp-logging-lib" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-gwp6-949q-v3r7" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-gwp6-949q-v3r7" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "def2cfdcf7555dce8bc6545670a20f1748d6588683a817bc7d922f42c8e9cd43", - "import_time": "2024-12-20T00:32:39.458450596Z", - "id": "GHSA-gwp6-949q-v3r7", - "modified_time": "2024-12-19T11:31:11Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/dhp-logging-lib/MAL-2024-11769.json b/osv/malicious/npm/dhp-logging-lib/MAL-2024-11769.json index ba18ba1e8..09cbf9d21 100644 --- a/osv/malicious/npm/dhp-logging-lib/MAL-2024-11769.json +++ b/osv/malicious/npm/dhp-logging-lib/MAL-2024-11769.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-09T10:11:53Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-09T10:11:53Z", "schema_version": "1.5.0", "id": "MAL-2024-11769", + "aliases": [ + "GHSA-gwp6-949q-v3r7" + ], "summary": "Malicious code in dhp-logging-lib (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (174031514bb3c2081a47c87111add78b2e52fb05e93d0f0a9ab964301524a3e6)\nThe OpenSSF Package Analysis project identified 'dhp-logging-lib' @ 7.2.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (def2cfdcf7555dce8bc6545670a20f1748d6588683a817bc7d922f42c8e9cd43)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (174031514bb3c2081a47c87111add78b2e52fb05e93d0f0a9ab964301524a3e6)\nThe OpenSSF Package Analysis project identified 'dhp-logging-lib' @ 7.2.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "dhp-logging-lib" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "7.2.7" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-gwp6-949q-v3r7" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "174031514bb3c2081a47c87111add78b2e52fb05e93d0f0a9ab964301524a3e6", "import_time": "2024-12-11T00:49:36.056148901Z", "modified_time": "2024-12-09T10:11:53Z", - "sha256": "174031514bb3c2081a47c87111add78b2e52fb05e93d0f0a9ab964301524a3e6", - "source": "ossf-package-analysis", "versions": [ "7.2.7" ] + }, + { + "source": "ghsa-malware", + "sha256": "def2cfdcf7555dce8bc6545670a20f1748d6588683a817bc7d922f42c8e9cd43", + "import_time": "2024-12-20T00:32:39.458450596Z", + "id": "GHSA-gwp6-949q-v3r7", + "modified_time": "2024-12-19T11:31:11Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/docusaurus-extensions/MAL-0000-ghsa-malware-99775db155b8a861.json b/osv/malicious/npm/docusaurus-extensions/MAL-2024-11969.json similarity index 63% rename from osv/malicious/npm/docusaurus-extensions/MAL-0000-ghsa-malware-99775db155b8a861.json rename to osv/malicious/npm/docusaurus-extensions/MAL-2024-11969.json index f7a43e254..8a27cc71a 100644 --- a/osv/malicious/npm/docusaurus-extensions/MAL-0000-ghsa-malware-99775db155b8a861.json +++ b/osv/malicious/npm/docusaurus-extensions/MAL-2024-11969.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:13:20Z", "published": "2024-12-19T11:13:19Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11969", "aliases": [ "GHSA-qcqf-x439-v672" ], - "summary": "Malware in docusaurus-extensions", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in docusaurus-extensions (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (99775db155b8a86158ff592e554afaaa639d5e3c1b467c6e374fbb1925333cbb)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-qcqf-x439-v672" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "99775db155b8a86158ff592e554afaaa639d5e3c1b467c6e374fbb1925333cbb", - "import_time": "2024-12-20T00:32:39.49645022Z", "id": "GHSA-qcqf-x439-v672", + "import_time": "2024-12-20T00:32:39.49645022Z", "modified_time": "2024-12-19T11:13:20Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "99775db155b8a86158ff592e554afaaa639d5e3c1b467c6e374fbb1925333cbb", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/easytint/MAL-0000-ghsa-malware-6e5495864d81fba8.json b/osv/malicious/npm/easytint/MAL-2024-11970.json similarity index 63% rename from osv/malicious/npm/easytint/MAL-0000-ghsa-malware-6e5495864d81fba8.json rename to osv/malicious/npm/easytint/MAL-2024-11970.json index 166703d72..5ae2ace1b 100644 --- a/osv/malicious/npm/easytint/MAL-0000-ghsa-malware-6e5495864d81fba8.json +++ b/osv/malicious/npm/easytint/MAL-2024-11970.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:14:14Z", "published": "2024-12-19T11:14:14Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11970", "aliases": [ "GHSA-47j6-x8fj-7rmx" ], - "summary": "Malware in easytint", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in easytint (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (6e5495864d81fba85645e204088cd7376227401f94eb66f80f2189223f3e167b)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-47j6-x8fj-7rmx" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "6e5495864d81fba85645e204088cd7376227401f94eb66f80f2189223f3e167b", - "import_time": "2024-12-20T00:32:39.379556042Z", "id": "GHSA-47j6-x8fj-7rmx", + "import_time": "2024-12-20T00:32:39.379556042Z", "modified_time": "2024-12-19T11:14:14Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "6e5495864d81fba85645e204088cd7376227401f94eb66f80f2189223f3e167b", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/eb-docs/MAL-0000-ghsa-malware-ab4350e0e76a01eb.json b/osv/malicious/npm/eb-docs/MAL-2024-11971.json similarity index 63% rename from osv/malicious/npm/eb-docs/MAL-0000-ghsa-malware-ab4350e0e76a01eb.json rename to osv/malicious/npm/eb-docs/MAL-2024-11971.json index b690db875..b9b547907 100644 --- a/osv/malicious/npm/eb-docs/MAL-0000-ghsa-malware-ab4350e0e76a01eb.json +++ b/osv/malicious/npm/eb-docs/MAL-2024-11971.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:15:44Z", "published": "2024-12-19T11:15:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11971", "aliases": [ "GHSA-j53q-8jcr-v268" ], - "summary": "Malware in eb-docs", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in eb-docs (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (ab4350e0e76a01ebf4e3e3692784f26c112499d024ac9b24f8fe322f09ceebfe)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-j53q-8jcr-v268" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "ab4350e0e76a01ebf4e3e3692784f26c112499d024ac9b24f8fe322f09ceebfe", - "import_time": "2024-12-20T00:32:39.470767194Z", "id": "GHSA-j53q-8jcr-v268", + "import_time": "2024-12-20T00:32:39.470767194Z", "modified_time": "2024-12-19T11:15:44Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "ab4350e0e76a01ebf4e3e3692784f26c112499d024ac9b24f8fe322f09ceebfe", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/ecpfs-authority/MAL-0000-ghsa-malware-5333a0ce742bf60d.json b/osv/malicious/npm/ecpfs-authority/MAL-2024-11972.json similarity index 63% rename from osv/malicious/npm/ecpfs-authority/MAL-0000-ghsa-malware-5333a0ce742bf60d.json rename to osv/malicious/npm/ecpfs-authority/MAL-2024-11972.json index 1ece08aff..75a2eeaf0 100644 --- a/osv/malicious/npm/ecpfs-authority/MAL-0000-ghsa-malware-5333a0ce742bf60d.json +++ b/osv/malicious/npm/ecpfs-authority/MAL-2024-11972.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:17:10Z", "published": "2024-12-19T11:17:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11972", "aliases": [ "GHSA-wp7w-r523-5xw6" ], - "summary": "Malware in ecpfs-authority", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in ecpfs-authority (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (5333a0ce742bf60d678021234a8e4eef2260966cf5fc8f50bd63a6bce7669e07)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-wp7w-r523-5xw6" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "5333a0ce742bf60d678021234a8e4eef2260966cf5fc8f50bd63a6bce7669e07", - "import_time": "2024-12-20T00:32:39.525258138Z", "id": "GHSA-wp7w-r523-5xw6", + "import_time": "2024-12-20T00:32:39.525258138Z", "modified_time": "2024-12-19T11:17:10Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "5333a0ce742bf60d678021234a8e4eef2260966cf5fc8f50bd63a6bce7669e07", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/ecpfs-react-build-scripts/MAL-0000-ghsa-malware-4aa038b17c743c2c.json b/osv/malicious/npm/ecpfs-react-build-scripts/MAL-2024-11973.json similarity index 63% rename from osv/malicious/npm/ecpfs-react-build-scripts/MAL-0000-ghsa-malware-4aa038b17c743c2c.json rename to osv/malicious/npm/ecpfs-react-build-scripts/MAL-2024-11973.json index ba0080d66..dd89dd9f9 100644 --- a/osv/malicious/npm/ecpfs-react-build-scripts/MAL-0000-ghsa-malware-4aa038b17c743c2c.json +++ b/osv/malicious/npm/ecpfs-react-build-scripts/MAL-2024-11973.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:17:10Z", "published": "2024-12-19T11:17:10Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11973", "aliases": [ "GHSA-4p78-x379-7g8g" ], - "summary": "Malware in ecpfs-react-build-scripts", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in ecpfs-react-build-scripts (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (4aa038b17c743c2c728e2687e0f828cbd3b0a8934efb7637a1bdc9879882abf3)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-4p78-x379-7g8g" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "4aa038b17c743c2c728e2687e0f828cbd3b0a8934efb7637a1bdc9879882abf3", - "import_time": "2024-12-20T00:32:39.382895336Z", "id": "GHSA-4p78-x379-7g8g", + "import_time": "2024-12-20T00:32:39.382895336Z", "modified_time": "2024-12-19T11:17:10Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "4aa038b17c743c2c728e2687e0f828cbd3b0a8934efb7637a1bdc9879882abf3", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/ecpfs-react-data-driven-components/MAL-0000-ghsa-malware-d8380a709c782f20.json b/osv/malicious/npm/ecpfs-react-data-driven-components/MAL-2024-11974.json similarity index 62% rename from osv/malicious/npm/ecpfs-react-data-driven-components/MAL-0000-ghsa-malware-d8380a709c782f20.json rename to osv/malicious/npm/ecpfs-react-data-driven-components/MAL-2024-11974.json index 795406ad7..daaba5e64 100644 --- a/osv/malicious/npm/ecpfs-react-data-driven-components/MAL-0000-ghsa-malware-d8380a709c782f20.json +++ b/osv/malicious/npm/ecpfs-react-data-driven-components/MAL-2024-11974.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:17:10Z", "published": "2024-12-19T11:17:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11974", "aliases": [ "GHSA-9hxj-6rx6-rmmv" ], - "summary": "Malware in ecpfs-react-data-driven-components", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in ecpfs-react-data-driven-components (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d8380a709c782f2024d272f1ff935fda6cc8d7258a5c46da5d6e86997cc1ccee)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-9hxj-6rx6-rmmv" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d8380a709c782f2024d272f1ff935fda6cc8d7258a5c46da5d6e86997cc1ccee", - "import_time": "2024-12-20T00:32:39.425211942Z", "id": "GHSA-9hxj-6rx6-rmmv", + "import_time": "2024-12-20T00:32:39.425211942Z", "modified_time": "2024-12-19T11:17:10Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d8380a709c782f2024d272f1ff935fda6cc8d7258a5c46da5d6e86997cc1ccee", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/eip-681-qr-generator/MAL-0000-ghsa-malware-d6d992f1267c6eb7.json b/osv/malicious/npm/eip-681-qr-generator/MAL-2024-11975.json similarity index 63% rename from osv/malicious/npm/eip-681-qr-generator/MAL-0000-ghsa-malware-d6d992f1267c6eb7.json rename to osv/malicious/npm/eip-681-qr-generator/MAL-2024-11975.json index f3ba6b89a..492ce186f 100644 --- a/osv/malicious/npm/eip-681-qr-generator/MAL-0000-ghsa-malware-d6d992f1267c6eb7.json +++ b/osv/malicious/npm/eip-681-qr-generator/MAL-2024-11975.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:52:28Z", "published": "2024-12-19T10:52:27Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11975", "aliases": [ "GHSA-9493-xh8j-c2f7" ], - "summary": "Malware in eip-681-qr-generator", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in eip-681-qr-generator (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d6d992f1267c6eb7db2bca81d0ea6f421daa4852af6172164111cf8b51ffbbe7)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-9493-xh8j-c2f7" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d6d992f1267c6eb7db2bca81d0ea6f421daa4852af6172164111cf8b51ffbbe7", - "import_time": "2024-12-20T00:32:39.419610509Z", "id": "GHSA-9493-xh8j-c2f7", + "import_time": "2024-12-20T00:32:39.419610509Z", "modified_time": "2024-12-19T10:52:28Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d6d992f1267c6eb7db2bca81d0ea6f421daa4852af6172164111cf8b51ffbbe7", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/ens-app-v2/MAL-0000-ghsa-malware-3332aa2e460c5078.json b/osv/malicious/npm/ens-app-v2/MAL-0000-ghsa-malware-3332aa2e460c5078.json deleted file mode 100644 index ca197f18c..000000000 --- a/osv/malicious/npm/ens-app-v2/MAL-0000-ghsa-malware-3332aa2e460c5078.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:02:32Z", - "published": "2024-12-19T11:02:23Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-2rff-2vgr-w2x4" - ], - "summary": "Malware in ens-app-v2", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "ens-app-v2" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-2rff-2vgr-w2x4" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-2rff-2vgr-w2x4" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "3332aa2e460c5078abc70574b16848871805818907149c50a3d7842e2a93007d", - "import_time": "2024-12-20T00:32:39.366738443Z", - "id": "GHSA-2rff-2vgr-w2x4", - "modified_time": "2024-12-19T11:02:32Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/ens-app-v2/MAL-2024-10884.json b/osv/malicious/npm/ens-app-v2/MAL-2024-10884.json index d0837577d..02d806103 100644 --- a/osv/malicious/npm/ens-app-v2/MAL-2024-10884.json +++ b/osv/malicious/npm/ens-app-v2/MAL-2024-10884.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-23T00:25:36Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-11-23T00:25:36Z", "schema_version": "1.5.0", "id": "MAL-2024-10884", + "aliases": [ + "GHSA-2rff-2vgr-w2x4" + ], "summary": "Malicious code in ens-app-v2 (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (0b3a2fe432575e9fc7fc5c5ffc41fe34a216c0eefd6e29c9a2578beb1fad2731)\nThe OpenSSF Package Analysis project identified 'ens-app-v2' @ 6.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (3332aa2e460c5078abc70574b16848871805818907149c50a3d7842e2a93007d)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (0b3a2fe432575e9fc7fc5c5ffc41fe34a216c0eefd6e29c9a2578beb1fad2731)\nThe OpenSSF Package Analysis project identified 'ens-app-v2' @ 6.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "ens-app-v2" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "6.0.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-2rff-2vgr-w2x4" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "0b3a2fe432575e9fc7fc5c5ffc41fe34a216c0eefd6e29c9a2578beb1fad2731", "import_time": "2024-11-23T00:49:14.395896289Z", "modified_time": "2024-11-23T00:25:36Z", - "sha256": "0b3a2fe432575e9fc7fc5c5ffc41fe34a216c0eefd6e29c9a2578beb1fad2731", - "source": "ossf-package-analysis", "versions": [ "6.0.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "3332aa2e460c5078abc70574b16848871805818907149c50a3d7842e2a93007d", + "import_time": "2024-12-20T00:32:39.366738443Z", + "id": "GHSA-2rff-2vgr-w2x4", + "modified_time": "2024-12-19T11:02:32Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/eritiopitop/MAL-0000-ghsa-malware-d15b644f2a4d79a0.json b/osv/malicious/npm/eritiopitop/MAL-2024-11976.json similarity index 63% rename from osv/malicious/npm/eritiopitop/MAL-0000-ghsa-malware-d15b644f2a4d79a0.json rename to osv/malicious/npm/eritiopitop/MAL-2024-11976.json index 35c0f8cce..12a8297d1 100644 --- a/osv/malicious/npm/eritiopitop/MAL-0000-ghsa-malware-d15b644f2a4d79a0.json +++ b/osv/malicious/npm/eritiopitop/MAL-2024-11976.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:18:04Z", "published": "2024-12-19T11:18:04Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11976", "aliases": [ "GHSA-9q7f-pwcj-4vq5" ], - "summary": "Malware in eritiopitop", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in eritiopitop (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d15b644f2a4d79a062d6c3a7af975bc368236569d54382196034bcb9a8f42938)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-9q7f-pwcj-4vq5" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d15b644f2a4d79a062d6c3a7af975bc368236569d54382196034bcb9a8f42938", - "import_time": "2024-12-20T00:32:39.427087442Z", "id": "GHSA-9q7f-pwcj-4vq5", + "import_time": "2024-12-20T00:32:39.427087442Z", "modified_time": "2024-12-19T11:18:04Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d15b644f2a4d79a062d6c3a7af975bc368236569d54382196034bcb9a8f42938", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/eslint-config-extraterm/MAL-0000-ghsa-malware-7ac174483503687a.json b/osv/malicious/npm/eslint-config-extraterm/MAL-2024-11977.json similarity index 63% rename from osv/malicious/npm/eslint-config-extraterm/MAL-0000-ghsa-malware-7ac174483503687a.json rename to osv/malicious/npm/eslint-config-extraterm/MAL-2024-11977.json index bc0a98e9d..ddf4fe753 100644 --- a/osv/malicious/npm/eslint-config-extraterm/MAL-0000-ghsa-malware-7ac174483503687a.json +++ b/osv/malicious/npm/eslint-config-extraterm/MAL-2024-11977.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:19:35Z", "published": "2024-12-19T11:19:34Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11977", "aliases": [ "GHSA-p4gc-pp89-4gq5" ], - "summary": "Malware in eslint-config-extraterm", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in eslint-config-extraterm (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (7ac174483503687af78d8c768a2f9fa3abad4e982d193634c81b8870484ae360)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-p4gc-pp89-4gq5" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "7ac174483503687af78d8c768a2f9fa3abad4e982d193634c81b8870484ae360", - "import_time": "2024-12-20T00:32:39.483610817Z", "id": "GHSA-p4gc-pp89-4gq5", + "import_time": "2024-12-20T00:32:39.483610817Z", "modified_time": "2024-12-19T11:19:35Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "7ac174483503687af78d8c768a2f9fa3abad4e982d193634c81b8870484ae360", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/eslint-config-sunset-nodejs/MAL-0000-ghsa-malware-042f734df520ee49.json b/osv/malicious/npm/eslint-config-sunset-nodejs/MAL-0000-ghsa-malware-042f734df520ee49.json deleted file mode 100644 index 378429004..000000000 --- a/osv/malicious/npm/eslint-config-sunset-nodejs/MAL-0000-ghsa-malware-042f734df520ee49.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:21:55Z", - "published": "2024-12-19T11:21:55Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-fxg4-7x75-wwmf" - ], - "summary": "Malware in eslint-config-sunset-nodejs", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "eslint-config-sunset-nodejs" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-fxg4-7x75-wwmf" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-fxg4-7x75-wwmf" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "042f734df520ee49c1cf44e40629e136159746964c87533d226f02be765e956e", - "import_time": "2024-12-20T00:32:39.449939718Z", - "id": "GHSA-fxg4-7x75-wwmf", - "modified_time": "2024-12-19T11:21:55Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/eslint-config-sunset-nodejs/MAL-2024-11166.json b/osv/malicious/npm/eslint-config-sunset-nodejs/MAL-2024-11166.json index 9b22787a8..ce81d9581 100644 --- a/osv/malicious/npm/eslint-config-sunset-nodejs/MAL-2024-11166.json +++ b/osv/malicious/npm/eslint-config-sunset-nodejs/MAL-2024-11166.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T07:51:32Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-01T07:51:32Z", "schema_version": "1.5.0", "id": "MAL-2024-11166", + "aliases": [ + "GHSA-fxg4-7x75-wwmf" + ], "summary": "Malicious code in eslint-config-sunset-nodejs (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (0757ee29b510bd2d42b96005a15f1314da84fe82c90460d7b55333950c928dbd)\nThe OpenSSF Package Analysis project identified 'eslint-config-sunset-nodejs' @ 10.4.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (042f734df520ee49c1cf44e40629e136159746964c87533d226f02be765e956e)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (0757ee29b510bd2d42b96005a15f1314da84fe82c90460d7b55333950c928dbd)\nThe OpenSSF Package Analysis project identified 'eslint-config-sunset-nodejs' @ 10.4.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "eslint-config-sunset-nodejs" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "10.4.6" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-fxg4-7x75-wwmf" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "0757ee29b510bd2d42b96005a15f1314da84fe82c90460d7b55333950c928dbd", "import_time": "2024-12-02T11:05:09.107267703Z", "modified_time": "2024-12-01T07:51:32Z", - "sha256": "0757ee29b510bd2d42b96005a15f1314da84fe82c90460d7b55333950c928dbd", - "source": "ossf-package-analysis", "versions": [ "10.4.6" ] + }, + { + "source": "ghsa-malware", + "sha256": "042f734df520ee49c1cf44e40629e136159746964c87533d226f02be765e956e", + "import_time": "2024-12-20T00:32:39.449939718Z", + "id": "GHSA-fxg4-7x75-wwmf", + "modified_time": "2024-12-19T11:21:55Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/evil-package-for-test2/MAL-0000-ghsa-malware-d141529121b568f8.json b/osv/malicious/npm/evil-package-for-test2/MAL-2024-11978.json similarity index 63% rename from osv/malicious/npm/evil-package-for-test2/MAL-0000-ghsa-malware-d141529121b568f8.json rename to osv/malicious/npm/evil-package-for-test2/MAL-2024-11978.json index 05987750b..a88bb0e4a 100644 --- a/osv/malicious/npm/evil-package-for-test2/MAL-0000-ghsa-malware-d141529121b568f8.json +++ b/osv/malicious/npm/evil-package-for-test2/MAL-2024-11978.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:23:10Z", "published": "2024-12-19T11:23:10Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11978", "aliases": [ "GHSA-2359-qr59-w863" ], - "summary": "Malware in evil-package-for-test2", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in evil-package-for-test2 (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d141529121b568f8705000de163ace0e815677592f10b3a603b92431e105aefe)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-2359-qr59-w863" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d141529121b568f8705000de163ace0e815677592f10b3a603b92431e105aefe", - "import_time": "2024-12-20T00:32:39.357975821Z", "id": "GHSA-2359-qr59-w863", + "import_time": "2024-12-20T00:32:39.357975821Z", "modified_time": "2024-12-19T11:23:10Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d141529121b568f8705000de163ace0e815677592f10b3a603b92431e105aefe", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/firebase-simple-login/MAL-0000-ghsa-malware-541b3c62a7c126ad.json b/osv/malicious/npm/firebase-simple-login/MAL-2024-11979.json similarity index 63% rename from osv/malicious/npm/firebase-simple-login/MAL-0000-ghsa-malware-541b3c62a7c126ad.json rename to osv/malicious/npm/firebase-simple-login/MAL-2024-11979.json index 43d4fe869..82c7e4f47 100644 --- a/osv/malicious/npm/firebase-simple-login/MAL-0000-ghsa-malware-541b3c62a7c126ad.json +++ b/osv/malicious/npm/firebase-simple-login/MAL-2024-11979.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:24:20Z", "published": "2024-12-19T11:24:20Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11979", "aliases": [ "GHSA-9j33-4ccf-4vwp" ], - "summary": "Malware in firebase-simple-login", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in firebase-simple-login (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (541b3c62a7c126ad171a84641ec64d4092d4673fad72c457090bbde0110a2fbc)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-9j33-4ccf-4vwp" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "541b3c62a7c126ad171a84641ec64d4092d4673fad72c457090bbde0110a2fbc", - "import_time": "2024-12-20T00:32:39.426270101Z", "id": "GHSA-9j33-4ccf-4vwp", + "import_time": "2024-12-20T00:32:39.426270101Z", "modified_time": "2024-12-19T11:24:20Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "541b3c62a7c126ad171a84641ec64d4092d4673fad72c457090bbde0110a2fbc", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/flpweb/MAL-0000-ghsa-malware-1990c310aa0a3cd0.json b/osv/malicious/npm/flpweb/MAL-0000-ghsa-malware-1990c310aa0a3cd0.json deleted file mode 100644 index 3e08261dd..000000000 --- a/osv/malicious/npm/flpweb/MAL-0000-ghsa-malware-1990c310aa0a3cd0.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:26:41Z", - "published": "2024-12-19T11:26:40Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-px8h-fpg3-6x77" - ], - "summary": "Malware in flpweb", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "flpweb" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-px8h-fpg3-6x77" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-px8h-fpg3-6x77" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "1990c310aa0a3cd0c27f4306fe0f81385afb6c137acc4f6b1c42ea5ceb3a4845", - "import_time": "2024-12-20T00:32:39.490892506Z", - "id": "GHSA-px8h-fpg3-6x77", - "modified_time": "2024-12-19T11:26:41Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/flpweb/MAL-2024-11157.json b/osv/malicious/npm/flpweb/MAL-2024-11157.json index 827fa3809..493f885ca 100644 --- a/osv/malicious/npm/flpweb/MAL-2024-11157.json +++ b/osv/malicious/npm/flpweb/MAL-2024-11157.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-30T04:36:54Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-11-30T04:36:54Z", "schema_version": "1.5.0", "id": "MAL-2024-11157", + "aliases": [ + "GHSA-px8h-fpg3-6x77" + ], "summary": "Malicious code in flpweb (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (7a51bf26e0ab8b1974dd6193d5f56f789ef297e562f740eb029c51b7c03efe9a)\nThe OpenSSF Package Analysis project identified 'flpweb' @ 2.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (1990c310aa0a3cd0c27f4306fe0f81385afb6c137acc4f6b1c42ea5ceb3a4845)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (7a51bf26e0ab8b1974dd6193d5f56f789ef297e562f740eb029c51b7c03efe9a)\nThe OpenSSF Package Analysis project identified 'flpweb' @ 2.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "flpweb" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "2.0.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-px8h-fpg3-6x77" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "7a51bf26e0ab8b1974dd6193d5f56f789ef297e562f740eb029c51b7c03efe9a", "import_time": "2024-11-30T04:37:36.591948398Z", "modified_time": "2024-11-30T04:36:54Z", - "sha256": "7a51bf26e0ab8b1974dd6193d5f56f789ef297e562f740eb029c51b7c03efe9a", - "source": "ossf-package-analysis", "versions": [ "2.0.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "1990c310aa0a3cd0c27f4306fe0f81385afb6c137acc4f6b1c42ea5ceb3a4845", + "import_time": "2024-12-20T00:32:39.490892506Z", + "id": "GHSA-px8h-fpg3-6x77", + "modified_time": "2024-12-19T11:26:41Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/fluid-renderer/MAL-0000-ghsa-malware-6c91755cc441a577.json b/osv/malicious/npm/fluid-renderer/MAL-2024-11980.json similarity index 63% rename from osv/malicious/npm/fluid-renderer/MAL-0000-ghsa-malware-6c91755cc441a577.json rename to osv/malicious/npm/fluid-renderer/MAL-2024-11980.json index 51e63163f..08e466214 100644 --- a/osv/malicious/npm/fluid-renderer/MAL-0000-ghsa-malware-6c91755cc441a577.json +++ b/osv/malicious/npm/fluid-renderer/MAL-2024-11980.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:31:11Z", "published": "2024-12-19T11:31:10Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11980", "aliases": [ "GHSA-3j3m-h542-fmfh" ], - "summary": "Malware in fluid-renderer", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in fluid-renderer (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (6c91755cc441a577f7a891af00b7ad8e1a9de715f40002af3df668be2b19d571)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-3j3m-h542-fmfh" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "6c91755cc441a577f7a891af00b7ad8e1a9de715f40002af3df668be2b19d571", - "import_time": "2024-12-20T00:32:39.376057203Z", "id": "GHSA-3j3m-h542-fmfh", + "import_time": "2024-12-20T00:32:39.376057203Z", "modified_time": "2024-12-19T11:31:11Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "6c91755cc441a577f7a891af00b7ad8e1a9de715f40002af3df668be2b19d571", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/fluid-tooltip/MAL-0000-ghsa-malware-f5d371b6c8c79503.json b/osv/malicious/npm/fluid-tooltip/MAL-0000-ghsa-malware-f5d371b6c8c79503.json deleted file mode 100644 index 969d437cd..000000000 --- a/osv/malicious/npm/fluid-tooltip/MAL-0000-ghsa-malware-f5d371b6c8c79503.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:31:51Z", - "published": "2024-12-19T11:31:46Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-3rf5-6vxj-xq72" - ], - "summary": "Malware in fluid-tooltip", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "fluid-tooltip" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-3rf5-6vxj-xq72" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-3rf5-6vxj-xq72" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "f5d371b6c8c7950311649323e234550b5c9c644c9a9e2aada8180962d6dab886", - "import_time": "2024-12-20T00:32:39.377112586Z", - "id": "GHSA-3rf5-6vxj-xq72", - "modified_time": "2024-12-19T11:31:51Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/fluid-tooltip/MAL-2024-11167.json b/osv/malicious/npm/fluid-tooltip/MAL-2024-11167.json index 051cdf800..ff9be5b71 100644 --- a/osv/malicious/npm/fluid-tooltip/MAL-2024-11167.json +++ b/osv/malicious/npm/fluid-tooltip/MAL-2024-11167.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T09:23:12Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-01T09:23:12Z", "schema_version": "1.5.0", "id": "MAL-2024-11167", + "aliases": [ + "GHSA-3rf5-6vxj-xq72" + ], "summary": "Malicious code in fluid-tooltip (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (b6122622c2c0a1148d3aaa112aecd7878b80bded57762c2d51ac81554873cf9f)\nThe OpenSSF Package Analysis project identified 'fluid-tooltip' @ 5.3.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (f5d371b6c8c7950311649323e234550b5c9c644c9a9e2aada8180962d6dab886)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (b6122622c2c0a1148d3aaa112aecd7878b80bded57762c2d51ac81554873cf9f)\nThe OpenSSF Package Analysis project identified 'fluid-tooltip' @ 5.3.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "fluid-tooltip" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "5.3.6" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-3rf5-6vxj-xq72" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "b6122622c2c0a1148d3aaa112aecd7878b80bded57762c2d51ac81554873cf9f", "import_time": "2024-12-02T11:05:09.186947936Z", "modified_time": "2024-12-01T09:23:12Z", - "sha256": "b6122622c2c0a1148d3aaa112aecd7878b80bded57762c2d51ac81554873cf9f", - "source": "ossf-package-analysis", "versions": [ "5.3.6" ] + }, + { + "source": "ghsa-malware", + "sha256": "f5d371b6c8c7950311649323e234550b5c9c644c9a9e2aada8180962d6dab886", + "import_time": "2024-12-20T00:32:39.377112586Z", + "id": "GHSA-3rf5-6vxj-xq72", + "modified_time": "2024-12-19T11:31:51Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/gatsby-plugin-guru-export/MAL-0000-ghsa-malware-912f6f1165eb394f.json b/osv/malicious/npm/gatsby-plugin-guru-export/MAL-2024-11981.json similarity index 63% rename from osv/malicious/npm/gatsby-plugin-guru-export/MAL-0000-ghsa-malware-912f6f1165eb394f.json rename to osv/malicious/npm/gatsby-plugin-guru-export/MAL-2024-11981.json index 061b0895d..71e80f0a1 100644 --- a/osv/malicious/npm/gatsby-plugin-guru-export/MAL-0000-ghsa-malware-912f6f1165eb394f.json +++ b/osv/malicious/npm/gatsby-plugin-guru-export/MAL-2024-11981.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:41:42Z", "published": "2024-12-19T11:41:41Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11981", "aliases": [ "GHSA-r4gf-53gg-w7f7" ], - "summary": "Malware in gatsby-plugin-guru-export", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in gatsby-plugin-guru-export (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (912f6f1165eb394f25eeb94476e000407a49ad251e6c6fbd9abb3c42130a9b8e)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-r4gf-53gg-w7f7" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "912f6f1165eb394f25eeb94476e000407a49ad251e6c6fbd9abb3c42130a9b8e", - "import_time": "2024-12-20T00:32:39.501872775Z", "id": "GHSA-r4gf-53gg-w7f7", + "import_time": "2024-12-20T00:32:39.501872775Z", "modified_time": "2024-12-19T11:41:42Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "912f6f1165eb394f25eeb94476e000407a49ad251e6c6fbd9abb3c42130a9b8e", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/gft-model-utils/MAL-0000-ghsa-malware-9b553d507e20e5d9.json b/osv/malicious/npm/gft-model-utils/MAL-2024-11982.json similarity index 63% rename from osv/malicious/npm/gft-model-utils/MAL-0000-ghsa-malware-9b553d507e20e5d9.json rename to osv/malicious/npm/gft-model-utils/MAL-2024-11982.json index 341d4e6ef..182bd13d7 100644 --- a/osv/malicious/npm/gft-model-utils/MAL-0000-ghsa-malware-9b553d507e20e5d9.json +++ b/osv/malicious/npm/gft-model-utils/MAL-2024-11982.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:42:52Z", "published": "2024-12-19T11:42:51Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11982", "aliases": [ "GHSA-726w-4g7h-crc9" ], - "summary": "Malware in gft-model-utils", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in gft-model-utils (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (9b553d507e20e5d98f5bb1934bad6b5d49d32085028d96603c5eceb371c3851e)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-726w-4g7h-crc9" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "9b553d507e20e5d98f5bb1934bad6b5d49d32085028d96603c5eceb371c3851e", - "import_time": "2024-12-20T00:32:39.402185276Z", "id": "GHSA-726w-4g7h-crc9", + "import_time": "2024-12-20T00:32:39.402185276Z", "modified_time": "2024-12-19T11:42:52Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "9b553d507e20e5d98f5bb1934bad6b5d49d32085028d96603c5eceb371c3851e", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/gft-sam-connector/MAL-0000-ghsa-malware-7e518541b06a8fad.json b/osv/malicious/npm/gft-sam-connector/MAL-2024-11983.json similarity index 63% rename from osv/malicious/npm/gft-sam-connector/MAL-0000-ghsa-malware-7e518541b06a8fad.json rename to osv/malicious/npm/gft-sam-connector/MAL-2024-11983.json index da1b68c42..6e1ee7f38 100644 --- a/osv/malicious/npm/gft-sam-connector/MAL-0000-ghsa-malware-7e518541b06a8fad.json +++ b/osv/malicious/npm/gft-sam-connector/MAL-2024-11983.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:42:52Z", "published": "2024-12-19T11:42:51Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11983", "aliases": [ "GHSA-8728-8ffg-7p36" ], - "summary": "Malware in gft-sam-connector", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in gft-sam-connector (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (7e518541b06a8fad0288da6a0e31b730a6044da6a63fdfe2d8a471d90aac7655)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-8728-8ffg-7p36" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "7e518541b06a8fad0288da6a0e31b730a6044da6a63fdfe2d8a471d90aac7655", - "import_time": "2024-12-20T00:32:39.410837433Z", "id": "GHSA-8728-8ffg-7p36", + "import_time": "2024-12-20T00:32:39.410837433Z", "modified_time": "2024-12-19T11:42:52Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "7e518541b06a8fad0288da6a0e31b730a6044da6a63fdfe2d8a471d90aac7655", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/gft-view-helpers/MAL-0000-ghsa-malware-c12651d76770f09b.json b/osv/malicious/npm/gft-view-helpers/MAL-2024-11984.json similarity index 63% rename from osv/malicious/npm/gft-view-helpers/MAL-0000-ghsa-malware-c12651d76770f09b.json rename to osv/malicious/npm/gft-view-helpers/MAL-2024-11984.json index aaa23a2f2..b079bc014 100644 --- a/osv/malicious/npm/gft-view-helpers/MAL-0000-ghsa-malware-c12651d76770f09b.json +++ b/osv/malicious/npm/gft-view-helpers/MAL-2024-11984.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:42:56Z", "published": "2024-12-19T11:42:51Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11984", "aliases": [ "GHSA-ph93-v5qj-9vj6" ], - "summary": "Malware in gft-view-helpers", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in gft-view-helpers (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (c12651d76770f09bfa7e61edc4e020f6e33df757bbe945abc6b1c614df0717de)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-ph93-v5qj-9vj6" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "c12651d76770f09bfa7e61edc4e020f6e33df757bbe945abc6b1c614df0717de", - "import_time": "2024-12-20T00:32:39.487596553Z", "id": "GHSA-ph93-v5qj-9vj6", + "import_time": "2024-12-20T00:32:39.487596553Z", "modified_time": "2024-12-19T11:42:56Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "c12651d76770f09bfa7e61edc4e020f6e33df757bbe945abc6b1c614df0717de", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/github-account-switcher/MAL-0000-ghsa-malware-62bdf6eee34d22e2.json b/osv/malicious/npm/github-account-switcher/MAL-2024-11985.json similarity index 63% rename from osv/malicious/npm/github-account-switcher/MAL-0000-ghsa-malware-62bdf6eee34d22e2.json rename to osv/malicious/npm/github-account-switcher/MAL-2024-11985.json index 040f261f7..9b5614336 100644 --- a/osv/malicious/npm/github-account-switcher/MAL-0000-ghsa-malware-62bdf6eee34d22e2.json +++ b/osv/malicious/npm/github-account-switcher/MAL-2024-11985.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:12:44Z", "published": "2024-12-19T11:12:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11985", "aliases": [ "GHSA-3cm4-9j8q-98q6" ], - "summary": "Malware in github-account-switcher", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in github-account-switcher (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (62bdf6eee34d22e2084ec04436a9f595733194f7173e6d1498af7403f369af09)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-3cm4-9j8q-98q6" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "62bdf6eee34d22e2084ec04436a9f595733194f7173e6d1498af7403f369af09", - "import_time": "2024-12-20T00:32:39.374288552Z", "id": "GHSA-3cm4-9j8q-98q6", + "import_time": "2024-12-20T00:32:39.374288552Z", "modified_time": "2024-12-19T11:12:44Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "62bdf6eee34d22e2084ec04436a9f595733194f7173e6d1498af7403f369af09", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/github-webhook-ip-validator/MAL-0000-ghsa-malware-f79e9ee6cff5a23b.json b/osv/malicious/npm/github-webhook-ip-validator/MAL-2024-11986.json similarity index 63% rename from osv/malicious/npm/github-webhook-ip-validator/MAL-0000-ghsa-malware-f79e9ee6cff5a23b.json rename to osv/malicious/npm/github-webhook-ip-validator/MAL-2024-11986.json index 6415347cb..17be9a5f5 100644 --- a/osv/malicious/npm/github-webhook-ip-validator/MAL-0000-ghsa-malware-f79e9ee6cff5a23b.json +++ b/osv/malicious/npm/github-webhook-ip-validator/MAL-2024-11986.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:02:23Z", "published": "2024-12-19T11:02:23Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11986", "aliases": [ "GHSA-9wjm-j8qp-c5v9" ], - "summary": "Malware in github-webhook-ip-validator", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in github-webhook-ip-validator (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (f79e9ee6cff5a23b100ddebd86bfed06e6f9f7c3179df1ff6f0667b0a833ffef)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-9wjm-j8qp-c5v9" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "f79e9ee6cff5a23b100ddebd86bfed06e6f9f7c3179df1ff6f0667b0a833ffef", - "import_time": "2024-12-20T00:32:39.430464215Z", "id": "GHSA-9wjm-j8qp-c5v9", + "import_time": "2024-12-20T00:32:39.430464215Z", "modified_time": "2024-12-19T11:02:23Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "f79e9ee6cff5a23b100ddebd86bfed06e6f9f7c3179df1ff6f0667b0a833ffef", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/go-dependency-submission/MAL-0000-ghsa-malware-aa0e3837d434167d.json b/osv/malicious/npm/go-dependency-submission/MAL-2024-11987.json similarity index 63% rename from osv/malicious/npm/go-dependency-submission/MAL-0000-ghsa-malware-aa0e3837d434167d.json rename to osv/malicious/npm/go-dependency-submission/MAL-2024-11987.json index 1a93f3584..1a50b801c 100644 --- a/osv/malicious/npm/go-dependency-submission/MAL-0000-ghsa-malware-aa0e3837d434167d.json +++ b/osv/malicious/npm/go-dependency-submission/MAL-2024-11987.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:55:09Z", "published": "2024-12-19T09:55:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11987", "aliases": [ "GHSA-p887-fmjx-mg7p" ], - "summary": "Malware in go-dependency-submission", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in go-dependency-submission (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (aa0e3837d434167d18ab0ba251b0ce73d56ed83a0c773df12c8ebd99542f8eaa)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-p887-fmjx-mg7p" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "aa0e3837d434167d18ab0ba251b0ce73d56ed83a0c773df12c8ebd99542f8eaa", - "import_time": "2024-12-20T00:32:39.486810441Z", "id": "GHSA-p887-fmjx-mg7p", + "import_time": "2024-12-20T00:32:39.486810441Z", "modified_time": "2024-12-19T09:55:09Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "aa0e3837d434167d18ab0ba251b0ce73d56ed83a0c773df12c8ebd99542f8eaa", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/goworker/MAL-0000-ghsa-malware-fc41b31c8374e8df.json b/osv/malicious/npm/goworker/MAL-0000-ghsa-malware-fc41b31c8374e8df.json deleted file mode 100644 index 2d19bd9a8..000000000 --- a/osv/malicious/npm/goworker/MAL-0000-ghsa-malware-fc41b31c8374e8df.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:52:28Z", - "published": "2024-12-19T10:52:27Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-88x7-jpc5-h5m2" - ], - "summary": "Malware in goworker", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "goworker" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-88x7-jpc5-h5m2" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-88x7-jpc5-h5m2" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "fc41b31c8374e8dfb0d1a61187a9224907fd3adc6b4988f7285c3ab45891a807", - "import_time": "2024-12-20T00:32:39.411973978Z", - "id": "GHSA-88x7-jpc5-h5m2", - "modified_time": "2024-12-19T10:52:28Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/goworker/MAL-2024-11783.json b/osv/malicious/npm/goworker/MAL-2024-11783.json index 2954f6d9e..e45f9be58 100644 --- a/osv/malicious/npm/goworker/MAL-2024-11783.json +++ b/osv/malicious/npm/goworker/MAL-2024-11783.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-11T18:15:55Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-11T18:15:55Z", "schema_version": "1.5.0", "id": "MAL-2024-11783", + "aliases": [ + "GHSA-88x7-jpc5-h5m2" + ], "summary": "Malicious code in goworker (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (4725f734359a531f8c720a986a18e1be14213cdf7930a1b6994fe2cd00510d37)\nThe OpenSSF Package Analysis project identified 'goworker' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (fc41b31c8374e8dfb0d1a61187a9224907fd3adc6b4988f7285c3ab45891a807)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (4725f734359a531f8c720a986a18e1be14213cdf7930a1b6994fe2cd00510d37)\nThe OpenSSF Package Analysis project identified 'goworker' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "goworker" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.0.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-88x7-jpc5-h5m2" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "4725f734359a531f8c720a986a18e1be14213cdf7930a1b6994fe2cd00510d37", "import_time": "2024-12-11T18:40:20.370808264Z", "modified_time": "2024-12-11T18:15:55Z", - "sha256": "4725f734359a531f8c720a986a18e1be14213cdf7930a1b6994fe2cd00510d37", - "source": "ossf-package-analysis", "versions": [ "1.0.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "fc41b31c8374e8dfb0d1a61187a9224907fd3adc6b4988f7285c3ab45891a807", + "import_time": "2024-12-20T00:32:39.411973978Z", + "id": "GHSA-88x7-jpc5-h5m2", + "modified_time": "2024-12-19T10:52:28Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/gps-gateway-client/MAL-0000-ghsa-malware-7841067a161c5535.json b/osv/malicious/npm/gps-gateway-client/MAL-2024-11988.json similarity index 63% rename from osv/malicious/npm/gps-gateway-client/MAL-0000-ghsa-malware-7841067a161c5535.json rename to osv/malicious/npm/gps-gateway-client/MAL-2024-11988.json index 0f5f0eb61..9c7e052f6 100644 --- a/osv/malicious/npm/gps-gateway-client/MAL-0000-ghsa-malware-7841067a161c5535.json +++ b/osv/malicious/npm/gps-gateway-client/MAL-2024-11988.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:26:41Z", "published": "2024-12-19T11:26:40Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11988", "aliases": [ "GHSA-x5m5-xwvc-rw55" ], - "summary": "Malware in gps-gateway-client", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in gps-gateway-client (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (7841067a161c55356141a3d1e9fb8bd1922ff25291edeb0d46e708a9e6b563b1)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-x5m5-xwvc-rw55" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "7841067a161c55356141a3d1e9fb8bd1922ff25291edeb0d46e708a9e6b563b1", - "import_time": "2024-12-20T00:32:39.530605184Z", "id": "GHSA-x5m5-xwvc-rw55", + "import_time": "2024-12-20T00:32:39.530605184Z", "modified_time": "2024-12-19T11:26:41Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "7841067a161c55356141a3d1e9fb8bd1922ff25291edeb0d46e708a9e6b563b1", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/graph-studio-billing-contracts/MAL-0000-ghsa-malware-afd4325b249b7dfa.json b/osv/malicious/npm/graph-studio-billing-contracts/MAL-0000-ghsa-malware-afd4325b249b7dfa.json deleted file mode 100644 index 22dfe8a86..000000000 --- a/osv/malicious/npm/graph-studio-billing-contracts/MAL-0000-ghsa-malware-afd4325b249b7dfa.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:02:33Z", - "published": "2024-12-19T11:02:23Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-gmg8-mhw5-jx8g" - ], - "summary": "Malware in graph-studio-billing-contracts", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "graph-studio-billing-contracts" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-gmg8-mhw5-jx8g" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-gmg8-mhw5-jx8g" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "afd4325b249b7dfad124c21ffe39f85d2e38f1b6c2d31361f81e821adb8365ea", - "import_time": "2024-12-20T00:32:39.45686156Z", - "id": "GHSA-gmg8-mhw5-jx8g", - "modified_time": "2024-12-19T11:02:33Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/graph-studio-billing-contracts/MAL-2024-10891.json b/osv/malicious/npm/graph-studio-billing-contracts/MAL-2024-10891.json index 000428653..92f488209 100644 --- a/osv/malicious/npm/graph-studio-billing-contracts/MAL-2024-10891.json +++ b/osv/malicious/npm/graph-studio-billing-contracts/MAL-2024-10891.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-23T01:54:55Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-11-23T01:54:55Z", "schema_version": "1.5.0", "id": "MAL-2024-10891", + "aliases": [ + "GHSA-gmg8-mhw5-jx8g" + ], "summary": "Malicious code in graph-studio-billing-contracts (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (0cb3663cb890c51c325b0a2ec9752cb3adf11842fd52d1e99eb2f3182c7336b0)\nThe OpenSSF Package Analysis project identified 'graph-studio-billing-contracts' @ 0.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (afd4325b249b7dfad124c21ffe39f85d2e38f1b6c2d31361f81e821adb8365ea)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (0cb3663cb890c51c325b0a2ec9752cb3adf11842fd52d1e99eb2f3182c7336b0)\nThe OpenSSF Package Analysis project identified 'graph-studio-billing-contracts' @ 0.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "graph-studio-billing-contracts" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "0.0.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-gmg8-mhw5-jx8g" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "0cb3663cb890c51c325b0a2ec9752cb3adf11842fd52d1e99eb2f3182c7336b0", "import_time": "2024-11-23T02:29:26.459578117Z", "modified_time": "2024-11-23T01:54:55Z", - "sha256": "0cb3663cb890c51c325b0a2ec9752cb3adf11842fd52d1e99eb2f3182c7336b0", - "source": "ossf-package-analysis", "versions": [ "0.0.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "afd4325b249b7dfad124c21ffe39f85d2e38f1b6c2d31361f81e821adb8365ea", + "import_time": "2024-12-20T00:32:39.45686156Z", + "id": "GHSA-gmg8-mhw5-jx8g", + "modified_time": "2024-12-19T11:02:33Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/grid-context/MAL-0000-ghsa-malware-b3f459ed60b15a8a.json b/osv/malicious/npm/grid-context/MAL-2024-11989.json similarity index 63% rename from osv/malicious/npm/grid-context/MAL-0000-ghsa-malware-b3f459ed60b15a8a.json rename to osv/malicious/npm/grid-context/MAL-2024-11989.json index e60b95f38..57340ea1b 100644 --- a/osv/malicious/npm/grid-context/MAL-0000-ghsa-malware-b3f459ed60b15a8a.json +++ b/osv/malicious/npm/grid-context/MAL-2024-11989.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:45:42Z", "published": "2024-12-19T11:45:37Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11989", "aliases": [ "GHSA-w68m-gw34-4wfq" ], - "summary": "Malware in grid-context", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in grid-context (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (b3f459ed60b15a8a5c508fed9f7ebd2f7707ebbb1420e814add93920322749ea)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-w68m-gw34-4wfq" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "b3f459ed60b15a8a5c508fed9f7ebd2f7707ebbb1420e814add93920322749ea", - "import_time": "2024-12-20T00:32:39.518258163Z", "id": "GHSA-w68m-gw34-4wfq", + "import_time": "2024-12-20T00:32:39.518258163Z", "modified_time": "2024-12-19T11:45:42Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "b3f459ed60b15a8a5c508fed9f7ebd2f7707ebbb1420e814add93920322749ea", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/h5bp-docs/MAL-0000-ghsa-malware-6f10e6ae365af97b.json b/osv/malicious/npm/h5bp-docs/MAL-0000-ghsa-malware-6f10e6ae365af97b.json deleted file mode 100644 index 12cd33e82..000000000 --- a/osv/malicious/npm/h5bp-docs/MAL-0000-ghsa-malware-6f10e6ae365af97b.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:46:12Z", - "published": "2024-12-19T11:46:12Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-jwgg-hvpr-j4f2" - ], - "summary": "Malware in h5bp-docs", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "h5bp-docs" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-jwgg-hvpr-j4f2" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-jwgg-hvpr-j4f2" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "6f10e6ae365af97b4c79f04f1355dd26a8862632b8ce77cf50da4b2195414716", - "import_time": "2024-12-20T00:32:39.476523574Z", - "id": "GHSA-jwgg-hvpr-j4f2", - "modified_time": "2024-12-19T11:46:12Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/h5bp-docs/MAL-2024-11168.json b/osv/malicious/npm/h5bp-docs/MAL-2024-11168.json index 4e627df78..e9b6ca557 100644 --- a/osv/malicious/npm/h5bp-docs/MAL-2024-11168.json +++ b/osv/malicious/npm/h5bp-docs/MAL-2024-11168.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T09:39:45Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-01T09:39:45Z", "schema_version": "1.5.0", "id": "MAL-2024-11168", + "aliases": [ + "GHSA-jwgg-hvpr-j4f2" + ], "summary": "Malicious code in h5bp-docs (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (d63490fcf174d50c02e1d63132b9153bc39fd612126ebe360b428f942243e660)\nThe OpenSSF Package Analysis project identified 'h5bp-docs' @ 6.5.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (6f10e6ae365af97b4c79f04f1355dd26a8862632b8ce77cf50da4b2195414716)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (d63490fcf174d50c02e1d63132b9153bc39fd612126ebe360b428f942243e660)\nThe OpenSSF Package Analysis project identified 'h5bp-docs' @ 6.5.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "h5bp-docs" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "6.5.4" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-jwgg-hvpr-j4f2" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "d63490fcf174d50c02e1d63132b9153bc39fd612126ebe360b428f942243e660", "import_time": "2024-12-02T11:05:09.297009129Z", "modified_time": "2024-12-01T09:39:45Z", - "sha256": "d63490fcf174d50c02e1d63132b9153bc39fd612126ebe360b428f942243e660", - "source": "ossf-package-analysis", "versions": [ "6.5.4" ] + }, + { + "source": "ghsa-malware", + "sha256": "6f10e6ae365af97b4c79f04f1355dd26a8862632b8ce77cf50da4b2195414716", + "import_time": "2024-12-20T00:32:39.476523574Z", + "id": "GHSA-jwgg-hvpr-j4f2", + "modified_time": "2024-12-19T11:46:12Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/healenium/MAL-0000-ghsa-malware-ab4597abf7019561.json b/osv/malicious/npm/healenium/MAL-2024-11990.json similarity index 63% rename from osv/malicious/npm/healenium/MAL-0000-ghsa-malware-ab4597abf7019561.json rename to osv/malicious/npm/healenium/MAL-2024-11990.json index 0d8763435..97e6f5074 100644 --- a/osv/malicious/npm/healenium/MAL-0000-ghsa-malware-ab4597abf7019561.json +++ b/osv/malicious/npm/healenium/MAL-2024-11990.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:48:52Z", "published": "2024-12-19T11:48:52Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11990", "aliases": [ "GHSA-5xrc-pf2x-68r4" ], - "summary": "Malware in healenium", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in healenium (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (ab4597abf70195617218b4366cc4e83ea35770e784027c1909b352f258da5b8b)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-5xrc-pf2x-68r4" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "ab4597abf70195617218b4366cc4e83ea35770e784027c1909b352f258da5b8b", - "import_time": "2024-12-20T00:32:39.396159647Z", "id": "GHSA-5xrc-pf2x-68r4", + "import_time": "2024-12-20T00:32:39.396159647Z", "modified_time": "2024-12-19T11:48:52Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "ab4597abf70195617218b4366cc4e83ea35770e784027c1909b352f258da5b8b", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/host-exploit/MAL-0000-ghsa-malware-8c88a475b723d108.json b/osv/malicious/npm/host-exploit/MAL-2024-11991.json similarity index 63% rename from osv/malicious/npm/host-exploit/MAL-0000-ghsa-malware-8c88a475b723d108.json rename to osv/malicious/npm/host-exploit/MAL-2024-11991.json index bea099afc..4454c3e4f 100644 --- a/osv/malicious/npm/host-exploit/MAL-0000-ghsa-malware-8c88a475b723d108.json +++ b/osv/malicious/npm/host-exploit/MAL-2024-11991.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:50:07Z", "published": "2024-12-19T11:50:02Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11991", "aliases": [ "GHSA-hx78-545c-wh2r" ], - "summary": "Malware in host-exploit", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in host-exploit (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (8c88a475b723d108a1436e644b77f957b6c71df50e99efaabff655288073d99c)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-hx78-545c-wh2r" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "8c88a475b723d108a1436e644b77f957b6c71df50e99efaabff655288073d99c", - "import_time": "2024-12-20T00:32:39.47005067Z", "id": "GHSA-hx78-545c-wh2r", + "import_time": "2024-12-20T00:32:39.47005067Z", "modified_time": "2024-12-19T11:50:07Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "8c88a475b723d108a1436e644b77f957b6c71df50e99efaabff655288073d99c", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/hyperion-react-testapp/MAL-0000-ghsa-malware-99a7ef31fe91a90b.json b/osv/malicious/npm/hyperion-react-testapp/MAL-2024-11992.json similarity index 63% rename from osv/malicious/npm/hyperion-react-testapp/MAL-0000-ghsa-malware-99a7ef31fe91a90b.json rename to osv/malicious/npm/hyperion-react-testapp/MAL-2024-11992.json index 419cec45f..17873f6d9 100644 --- a/osv/malicious/npm/hyperion-react-testapp/MAL-0000-ghsa-malware-99a7ef31fe91a90b.json +++ b/osv/malicious/npm/hyperion-react-testapp/MAL-2024-11992.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:51:32Z", "published": "2024-12-19T11:51:32Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11992", "aliases": [ "GHSA-52ff-x545-gx82" ], - "summary": "Malware in hyperion-react-testapp", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in hyperion-react-testapp (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (99a7ef31fe91a90b5e4780028e2f80cfe27e522aa931ce419fa5bed74d0c17fa)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-52ff-x545-gx82" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "99a7ef31fe91a90b5e4780028e2f80cfe27e522aa931ce419fa5bed74d0c17fa", - "import_time": "2024-12-20T00:32:39.387714834Z", "id": "GHSA-52ff-x545-gx82", + "import_time": "2024-12-20T00:32:39.387714834Z", "modified_time": "2024-12-19T11:51:32Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "99a7ef31fe91a90b5e4780028e2f80cfe27e522aa931ce419fa5bed74d0c17fa", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/iabgpp/MAL-0000-ghsa-malware-edb6cda8a8bf373a.json b/osv/malicious/npm/iabgpp/MAL-2024-11993.json similarity index 63% rename from osv/malicious/npm/iabgpp/MAL-0000-ghsa-malware-edb6cda8a8bf373a.json rename to osv/malicious/npm/iabgpp/MAL-2024-11993.json index 8277aff4c..6457ab0f2 100644 --- a/osv/malicious/npm/iabgpp/MAL-0000-ghsa-malware-edb6cda8a8bf373a.json +++ b/osv/malicious/npm/iabgpp/MAL-2024-11993.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:54:18Z", "published": "2024-12-19T11:54:12Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11993", "aliases": [ "GHSA-q437-gc68-9xcq" ], - "summary": "Malware in iabgpp", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in iabgpp (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (edb6cda8a8bf373a6f28fe3d23c481148bad3a3d27f968fc337be3dfe4326f55)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-q437-gc68-9xcq" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "edb6cda8a8bf373a6f28fe3d23c481148bad3a3d27f968fc337be3dfe4326f55", - "import_time": "2024-12-20T00:32:39.4932579Z", "id": "GHSA-q437-gc68-9xcq", + "import_time": "2024-12-20T00:32:39.4932579Z", "modified_time": "2024-12-19T11:54:18Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "edb6cda8a8bf373a6f28fe3d23c481148bad3a3d27f968fc337be3dfe4326f55", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/internallib_v15/MAL-0000-ghsa-malware-51c30166abdb6fdf.json b/osv/malicious/npm/internallib_v15/MAL-2024-11994.json similarity index 63% rename from osv/malicious/npm/internallib_v15/MAL-0000-ghsa-malware-51c30166abdb6fdf.json rename to osv/malicious/npm/internallib_v15/MAL-2024-11994.json index 1769221dd..65aa004a9 100644 --- a/osv/malicious/npm/internallib_v15/MAL-0000-ghsa-malware-51c30166abdb6fdf.json +++ b/osv/malicious/npm/internallib_v15/MAL-2024-11994.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:54:48Z", "published": "2024-12-19T11:54:47Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11994", "aliases": [ "GHSA-cxqg-47v8-f552" ], - "summary": "Malware in internallib_v15", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in internallib_v15 (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (51c30166abdb6fdfbf6f7175ed41f42aa33edb7ea9648b3db55bd94915d73c12)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-cxqg-47v8-f552" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "51c30166abdb6fdfbf6f7175ed41f42aa33edb7ea9648b3db55bd94915d73c12", - "import_time": "2024-12-20T00:32:39.439403806Z", "id": "GHSA-cxqg-47v8-f552", + "import_time": "2024-12-20T00:32:39.439403806Z", "modified_time": "2024-12-19T11:54:48Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "51c30166abdb6fdfbf6f7175ed41f42aa33edb7ea9648b3db55bd94915d73c12", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/internallib_v420/MAL-0000-ghsa-malware-291a2b6b3559f933.json b/osv/malicious/npm/internallib_v420/MAL-2024-11995.json similarity index 63% rename from osv/malicious/npm/internallib_v420/MAL-0000-ghsa-malware-291a2b6b3559f933.json rename to osv/malicious/npm/internallib_v420/MAL-2024-11995.json index 91d47f594..168d773b4 100644 --- a/osv/malicious/npm/internallib_v420/MAL-0000-ghsa-malware-291a2b6b3559f933.json +++ b/osv/malicious/npm/internallib_v420/MAL-2024-11995.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:55:43Z", "published": "2024-12-19T11:55:42Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11995", "aliases": [ "GHSA-mj25-hm4v-9xv6" ], - "summary": "Malware in internallib_v420", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in internallib_v420 (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (291a2b6b3559f93316c3fa8d0ab9ddf6a6417051190512d339da5b8c5e5827cf)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-mj25-hm4v-9xv6" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "291a2b6b3559f93316c3fa8d0ab9ddf6a6417051190512d339da5b8c5e5827cf", - "import_time": "2024-12-20T00:32:39.479877641Z", "id": "GHSA-mj25-hm4v-9xv6", + "import_time": "2024-12-20T00:32:39.479877641Z", "modified_time": "2024-12-19T11:55:43Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "291a2b6b3559f93316c3fa8d0ab9ddf6a6417051190512d339da5b8c5e5827cf", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/internallib_v693/MAL-0000-ghsa-malware-b605f1a0828894d2.json b/osv/malicious/npm/internallib_v693/MAL-2024-11996.json similarity index 63% rename from osv/malicious/npm/internallib_v693/MAL-0000-ghsa-malware-b605f1a0828894d2.json rename to osv/malicious/npm/internallib_v693/MAL-2024-11996.json index 170fbdec9..8ec477ebb 100644 --- a/osv/malicious/npm/internallib_v693/MAL-0000-ghsa-malware-b605f1a0828894d2.json +++ b/osv/malicious/npm/internallib_v693/MAL-2024-11996.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:56:53Z", "published": "2024-12-19T11:56:52Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11996", "aliases": [ "GHSA-gcfq-24p3-52v9" ], - "summary": "Malware in internallib_v693", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in internallib_v693 (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (b605f1a0828894d2e5cf2ca68d55af544c4d645afc65b248e4ff3b0f58418726)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-gcfq-24p3-52v9" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "b605f1a0828894d2e5cf2ca68d55af544c4d645afc65b248e4ff3b0f58418726", - "import_time": "2024-12-20T00:32:39.454115849Z", "id": "GHSA-gcfq-24p3-52v9", + "import_time": "2024-12-20T00:32:39.454115849Z", "modified_time": "2024-12-19T11:56:53Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "b605f1a0828894d2e5cf2ca68d55af544c4d645afc65b248e4ff3b0f58418726", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/internallib_v871/MAL-0000-ghsa-malware-69b95724fc9b2d9d.json b/osv/malicious/npm/internallib_v871/MAL-2024-11997.json similarity index 63% rename from osv/malicious/npm/internallib_v871/MAL-0000-ghsa-malware-69b95724fc9b2d9d.json rename to osv/malicious/npm/internallib_v871/MAL-2024-11997.json index af36792df..35c9274de 100644 --- a/osv/malicious/npm/internallib_v871/MAL-0000-ghsa-malware-69b95724fc9b2d9d.json +++ b/osv/malicious/npm/internallib_v871/MAL-2024-11997.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:56:53Z", "published": "2024-12-19T11:56:52Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11997", "aliases": [ "GHSA-pqg7-wpjq-6g4f" ], - "summary": "Malware in internallib_v871", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in internallib_v871 (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (69b95724fc9b2d9d8f204a0d94234e4f931f30bcbbb1686d50b026ad54373fa8)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-pqg7-wpjq-6g4f" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "69b95724fc9b2d9d8f204a0d94234e4f931f30bcbbb1686d50b026ad54373fa8", - "import_time": "2024-12-20T00:32:39.489167496Z", "id": "GHSA-pqg7-wpjq-6g4f", + "import_time": "2024-12-20T00:32:39.489167496Z", "modified_time": "2024-12-19T11:56:53Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "69b95724fc9b2d9d8f204a0d94234e4f931f30bcbbb1686d50b026ad54373fa8", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/kiosk-cli/MAL-0000-ghsa-malware-c7f59314a206c7fa.json b/osv/malicious/npm/kiosk-cli/MAL-0000-ghsa-malware-c7f59314a206c7fa.json deleted file mode 100644 index 6bbd34372..000000000 --- a/osv/malicious/npm/kiosk-cli/MAL-0000-ghsa-malware-c7f59314a206c7fa.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:02:24Z", - "published": "2024-12-19T11:02:23Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-jq5v-3ppv-w6gm" - ], - "summary": "Malware in kiosk-cli", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "kiosk-cli" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-jq5v-3ppv-w6gm" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-jq5v-3ppv-w6gm" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "c7f59314a206c7faa0082a49930dfe6b18851236824c9539436bf92a3f71a08a", - "import_time": "2024-12-20T00:32:39.474762748Z", - "id": "GHSA-jq5v-3ppv-w6gm", - "modified_time": "2024-12-19T11:02:24Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/kiosk-cli/MAL-2024-10893.json b/osv/malicious/npm/kiosk-cli/MAL-2024-10893.json index a9f033a6c..8f4cb2d1c 100644 --- a/osv/malicious/npm/kiosk-cli/MAL-2024-10893.json +++ b/osv/malicious/npm/kiosk-cli/MAL-2024-10893.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-23T13:49:34Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-11-23T13:49:34Z", "schema_version": "1.5.0", "id": "MAL-2024-10893", + "aliases": [ + "GHSA-jq5v-3ppv-w6gm" + ], "summary": "Malicious code in kiosk-cli (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (d10fc6445fc263d9c6f0c23db444b973404b62737bf4b43bdfb438bbfefb8012)\nThe OpenSSF Package Analysis project identified 'kiosk-cli' @ 0.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (c7f59314a206c7faa0082a49930dfe6b18851236824c9539436bf92a3f71a08a)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (d10fc6445fc263d9c6f0c23db444b973404b62737bf4b43bdfb438bbfefb8012)\nThe OpenSSF Package Analysis project identified 'kiosk-cli' @ 0.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "kiosk-cli" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "0.0.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-jq5v-3ppv-w6gm" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "d10fc6445fc263d9c6f0c23db444b973404b62737bf4b43bdfb438bbfefb8012", "import_time": "2024-11-23T14:04:58.87676227Z", "modified_time": "2024-11-23T13:49:34Z", - "sha256": "d10fc6445fc263d9c6f0c23db444b973404b62737bf4b43bdfb438bbfefb8012", - "source": "ossf-package-analysis", "versions": [ "0.0.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "c7f59314a206c7faa0082a49930dfe6b18851236824c9539436bf92a3f71a08a", + "import_time": "2024-12-20T00:32:39.474762748Z", + "id": "GHSA-jq5v-3ppv-w6gm", + "modified_time": "2024-12-19T11:02:24Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/language-babel/MAL-0000-ghsa-malware-868a15884f8fa2dc.json b/osv/malicious/npm/language-babel/MAL-0000-ghsa-malware-868a15884f8fa2dc.json deleted file mode 100644 index 507b1deb4..000000000 --- a/osv/malicious/npm/language-babel/MAL-0000-ghsa-malware-868a15884f8fa2dc.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:58:23Z", - "published": "2024-12-19T11:58:23Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-mp96-8wc8-wg67" - ], - "summary": "Malware in language-babel", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "language-babel" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-mp96-8wc8-wg67" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-mp96-8wc8-wg67" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "868a15884f8fa2dcf7b6c3e4c90ba8f449da26537cb4a784fc76e22057c739f8", - "import_time": "2024-12-20T00:32:39.481981536Z", - "id": "GHSA-mp96-8wc8-wg67", - "modified_time": "2024-12-19T11:58:23Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/language-babel/MAL-2024-11169.json b/osv/malicious/npm/language-babel/MAL-2024-11169.json index 4786b7411..9ef17f676 100644 --- a/osv/malicious/npm/language-babel/MAL-2024-11169.json +++ b/osv/malicious/npm/language-babel/MAL-2024-11169.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T13:19:54Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-01T13:19:54Z", "schema_version": "1.5.0", "id": "MAL-2024-11169", + "aliases": [ + "GHSA-mp96-8wc8-wg67" + ], "summary": "Malicious code in language-babel (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (dcd37c66c6ef8b4f9e513914eddcaf94ce87fb3865e6c44b64320c9b86930257)\nThe OpenSSF Package Analysis project identified 'language-babel' @ 10.4.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (868a15884f8fa2dcf7b6c3e4c90ba8f449da26537cb4a784fc76e22057c739f8)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (dcd37c66c6ef8b4f9e513914eddcaf94ce87fb3865e6c44b64320c9b86930257)\nThe OpenSSF Package Analysis project identified 'language-babel' @ 10.4.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "language-babel" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "10.4.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-mp96-8wc8-wg67" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "dcd37c66c6ef8b4f9e513914eddcaf94ce87fb3865e6c44b64320c9b86930257", "import_time": "2024-12-02T11:05:09.394953153Z", "modified_time": "2024-12-01T13:19:54Z", - "sha256": "dcd37c66c6ef8b4f9e513914eddcaf94ce87fb3865e6c44b64320c9b86930257", - "source": "ossf-package-analysis", "versions": [ "10.4.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "868a15884f8fa2dcf7b6c3e4c90ba8f449da26537cb4a784fc76e22057c739f8", + "import_time": "2024-12-20T00:32:39.481981536Z", + "id": "GHSA-mp96-8wc8-wg67", + "modified_time": "2024-12-19T11:58:23Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/linecorp/MAL-0000-ghsa-malware-4c61c1a8234e9b3b.json b/osv/malicious/npm/linecorp/MAL-2024-11998.json similarity index 63% rename from osv/malicious/npm/linecorp/MAL-0000-ghsa-malware-4c61c1a8234e9b3b.json rename to osv/malicious/npm/linecorp/MAL-2024-11998.json index 0dbd75ee3..59faf3b8b 100644 --- a/osv/malicious/npm/linecorp/MAL-0000-ghsa-malware-4c61c1a8234e9b3b.json +++ b/osv/malicious/npm/linecorp/MAL-2024-11998.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:59:33Z", "published": "2024-12-19T11:59:33Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11998", "aliases": [ "GHSA-hgjw-c8xw-633f" ], - "summary": "Malware in linecorp", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in linecorp (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (4c61c1a8234e9b3b0bc33608929d59e9a3ecd5d253d0b22cd6b4e100143b90b2)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-hgjw-c8xw-633f" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "4c61c1a8234e9b3b0bc33608929d59e9a3ecd5d253d0b22cd6b4e100143b90b2", - "import_time": "2024-12-20T00:32:39.467473666Z", "id": "GHSA-hgjw-c8xw-633f", + "import_time": "2024-12-20T00:32:39.467473666Z", "modified_time": "2024-12-19T11:59:33Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "4c61c1a8234e9b3b0bc33608929d59e9a3ecd5d253d0b22cd6b4e100143b90b2", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/manajemenservice/MAL-0000-ghsa-malware-00f781e5ec61ec2d.json b/osv/malicious/npm/manajemenservice/MAL-2024-11999.json similarity index 63% rename from osv/malicious/npm/manajemenservice/MAL-0000-ghsa-malware-00f781e5ec61ec2d.json rename to osv/malicious/npm/manajemenservice/MAL-2024-11999.json index 0195006a7..1cea6c413 100644 --- a/osv/malicious/npm/manajemenservice/MAL-0000-ghsa-malware-00f781e5ec61ec2d.json +++ b/osv/malicious/npm/manajemenservice/MAL-2024-11999.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:15:45Z", "published": "2024-12-19T11:15:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-11999", "aliases": [ "GHSA-phr5-x8q6-9v57" ], - "summary": "Malware in manajemenservice", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in manajemenservice (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (00f781e5ec61ec2d725507626667d8de0819e01e64f92bcd3d1b5232b99df76d)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-phr5-x8q6-9v57" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "00f781e5ec61ec2d725507626667d8de0819e01e64f92bcd3d1b5232b99df76d", - "import_time": "2024-12-20T00:32:39.488385291Z", "id": "GHSA-phr5-x8q6-9v57", + "import_time": "2024-12-20T00:32:39.488385291Z", "modified_time": "2024-12-19T11:15:45Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "00f781e5ec61ec2d725507626667d8de0819e01e64f92bcd3d1b5232b99df76d", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/maplibre/MAL-0000-ghsa-malware-812bdb7f3cb3a09a.json b/osv/malicious/npm/maplibre/MAL-2024-12000.json similarity index 63% rename from osv/malicious/npm/maplibre/MAL-0000-ghsa-malware-812bdb7f3cb3a09a.json rename to osv/malicious/npm/maplibre/MAL-2024-12000.json index 408283147..dddb24f37 100644 --- a/osv/malicious/npm/maplibre/MAL-0000-ghsa-malware-812bdb7f3cb3a09a.json +++ b/osv/malicious/npm/maplibre/MAL-2024-12000.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:01:03Z", "published": "2024-12-19T12:01:03Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12000", "aliases": [ "GHSA-8jhv-2jfg-jff6" ], - "summary": "Malware in maplibre", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in maplibre (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (812bdb7f3cb3a09a616e906c456e223c0069b42451a78c0df8d032054ec3f6a1)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-8jhv-2jfg-jff6" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "812bdb7f3cb3a09a616e906c456e223c0069b42451a78c0df8d032054ec3f6a1", - "import_time": "2024-12-20T00:32:39.416263962Z", "id": "GHSA-8jhv-2jfg-jff6", + "import_time": "2024-12-20T00:32:39.416263962Z", "modified_time": "2024-12-19T12:01:03Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "812bdb7f3cb3a09a616e906c456e223c0069b42451a78c0df8d032054ec3f6a1", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/maven-dependency-submission-action/MAL-0000-ghsa-malware-1381f1caf30bbc11.json b/osv/malicious/npm/maven-dependency-submission-action/MAL-0000-ghsa-malware-1381f1caf30bbc11.json deleted file mode 100644 index 7cc9bf789..000000000 --- a/osv/malicious/npm/maven-dependency-submission-action/MAL-0000-ghsa-malware-1381f1caf30bbc11.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T09:55:09Z", - "published": "2024-12-19T09:55:09Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-xvcg-66xv-x2gq" - ], - "summary": "Malware in maven-dependency-submission-action", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "maven-dependency-submission-action" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-xvcg-66xv-x2gq" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-xvcg-66xv-x2gq" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "1381f1caf30bbc11135c6f4ffc6634a4cdeaaa63627d583675758c564c38c804", - "import_time": "2024-12-20T00:32:39.536216415Z", - "id": "GHSA-xvcg-66xv-x2gq", - "modified_time": "2024-12-19T09:55:09Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/maven-dependency-submission-action/MAL-2024-10880.json b/osv/malicious/npm/maven-dependency-submission-action/MAL-2024-10880.json index 286f5a674..a7873b465 100644 --- a/osv/malicious/npm/maven-dependency-submission-action/MAL-2024-10880.json +++ b/osv/malicious/npm/maven-dependency-submission-action/MAL-2024-10880.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-22T22:52:14Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-11-22T22:52:14Z", "schema_version": "1.5.0", "id": "MAL-2024-10880", + "aliases": [ + "GHSA-xvcg-66xv-x2gq" + ], "summary": "Malicious code in maven-dependency-submission-action (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (f449ebddb88a3ed6afe114ead8e8e6c91b8127b7abb06ac7162a07d227cde5c1)\nThe OpenSSF Package Analysis project identified 'maven-dependency-submission-action' @ 4.3.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (1381f1caf30bbc11135c6f4ffc6634a4cdeaaa63627d583675758c564c38c804)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (f449ebddb88a3ed6afe114ead8e8e6c91b8127b7abb06ac7162a07d227cde5c1)\nThe OpenSSF Package Analysis project identified 'maven-dependency-submission-action' @ 4.3.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "maven-dependency-submission-action" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "4.3.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-xvcg-66xv-x2gq" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "f449ebddb88a3ed6afe114ead8e8e6c91b8127b7abb06ac7162a07d227cde5c1", "import_time": "2024-11-22T23:05:20.436711386Z", "modified_time": "2024-11-22T22:52:14Z", - "sha256": "f449ebddb88a3ed6afe114ead8e8e6c91b8127b7abb06ac7162a07d227cde5c1", - "source": "ossf-package-analysis", "versions": [ "4.3.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "1381f1caf30bbc11135c6f4ffc6634a4cdeaaa63627d583675758c564c38c804", + "import_time": "2024-12-20T00:32:39.536216415Z", + "id": "GHSA-xvcg-66xv-x2gq", + "modified_time": "2024-12-19T09:55:09Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/mediafragment/MAL-0000-ghsa-malware-7fb9581f803d3257.json b/osv/malicious/npm/mediafragment/MAL-2024-12001.json similarity index 63% rename from osv/malicious/npm/mediafragment/MAL-0000-ghsa-malware-7fb9581f803d3257.json rename to osv/malicious/npm/mediafragment/MAL-2024-12001.json index acc0cd713..21fc7300c 100644 --- a/osv/malicious/npm/mediafragment/MAL-0000-ghsa-malware-7fb9581f803d3257.json +++ b/osv/malicious/npm/mediafragment/MAL-2024-12001.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:02:18Z", "published": "2024-12-19T12:02:13Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12001", "aliases": [ "GHSA-fm4c-wmg7-g546" ], - "summary": "Malware in mediafragment", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in mediafragment (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (7fb9581f803d32570561a1bc1060406340d661188e0c0fe8eb10b50f1d0085b6)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-fm4c-wmg7-g546" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "7fb9581f803d32570561a1bc1060406340d661188e0c0fe8eb10b50f1d0085b6", - "import_time": "2024-12-20T00:32:39.445619046Z", "id": "GHSA-fm4c-wmg7-g546", + "import_time": "2024-12-20T00:32:39.445619046Z", "modified_time": "2024-12-19T12:02:18Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "7fb9581f803d32570561a1bc1060406340d661188e0c0fe8eb10b50f1d0085b6", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/metamodel-editor/MAL-0000-ghsa-malware-f82fb4d86a302779.json b/osv/malicious/npm/metamodel-editor/MAL-2024-12002.json similarity index 63% rename from osv/malicious/npm/metamodel-editor/MAL-0000-ghsa-malware-f82fb4d86a302779.json rename to osv/malicious/npm/metamodel-editor/MAL-2024-12002.json index b0d263a38..5da2339d3 100644 --- a/osv/malicious/npm/metamodel-editor/MAL-0000-ghsa-malware-f82fb4d86a302779.json +++ b/osv/malicious/npm/metamodel-editor/MAL-2024-12002.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:47:22Z", "published": "2024-12-19T10:47:22Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12002", "aliases": [ "GHSA-2f58-vrmp-hpmp" ], - "summary": "Malware in metamodel-editor", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in metamodel-editor (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (f82fb4d86a302779b75cb5721517e80e827b6e6fe5368f3639b294b46e21cbd7)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-2f58-vrmp-hpmp" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "f82fb4d86a302779b75cb5721517e80e827b6e6fe5368f3639b294b46e21cbd7", - "import_time": "2024-12-20T00:32:39.362518083Z", "id": "GHSA-2f58-vrmp-hpmp", + "import_time": "2024-12-20T00:32:39.362518083Z", "modified_time": "2024-12-19T10:47:22Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "f82fb4d86a302779b75cb5721517e80e827b6e6fe5368f3639b294b46e21cbd7", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/meu-script/MAL-0000-ghsa-malware-e353f941edf7dd05.json b/osv/malicious/npm/meu-script/MAL-2024-12003.json similarity index 63% rename from osv/malicious/npm/meu-script/MAL-0000-ghsa-malware-e353f941edf7dd05.json rename to osv/malicious/npm/meu-script/MAL-2024-12003.json index d3fb60153..d620f8730 100644 --- a/osv/malicious/npm/meu-script/MAL-0000-ghsa-malware-e353f941edf7dd05.json +++ b/osv/malicious/npm/meu-script/MAL-2024-12003.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:03:24Z", "published": "2024-12-19T12:03:23Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12003", "aliases": [ "GHSA-fwj7-gf3x-47cp" ], - "summary": "Malware in meu-script", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in meu-script (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (e353f941edf7dd059abeaa51d5917deb104c737b659e3efdd3ebaf4e5ad8b18b)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-fwj7-gf3x-47cp" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "e353f941edf7dd059abeaa51d5917deb104c737b659e3efdd3ebaf4e5ad8b18b", - "import_time": "2024-12-20T00:32:39.449088334Z", "id": "GHSA-fwj7-gf3x-47cp", + "import_time": "2024-12-20T00:32:39.449088334Z", "modified_time": "2024-12-19T12:03:24Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "e353f941edf7dd059abeaa51d5917deb104c737b659e3efdd3ebaf4e5ad8b18b", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/mina-bridge/MAL-0000-ghsa-malware-c04fd17707294cac.json b/osv/malicious/npm/mina-bridge/MAL-2024-12004.json similarity index 63% rename from osv/malicious/npm/mina-bridge/MAL-0000-ghsa-malware-c04fd17707294cac.json rename to osv/malicious/npm/mina-bridge/MAL-2024-12004.json index 9dcb8684d..c12d15714 100644 --- a/osv/malicious/npm/mina-bridge/MAL-0000-ghsa-malware-c04fd17707294cac.json +++ b/osv/malicious/npm/mina-bridge/MAL-2024-12004.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:04:18Z", "published": "2024-12-19T12:04:18Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12004", "aliases": [ "GHSA-gxgp-m539-mj95" ], - "summary": "Malware in mina-bridge", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in mina-bridge (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (c04fd17707294cac66886e59d347bbfcaf6ac85121c28b4b665490794f5fb861)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-gxgp-m539-mj95" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "c04fd17707294cac66886e59d347bbfcaf6ac85121c28b4b665490794f5fb861", - "import_time": "2024-12-20T00:32:39.459121304Z", "id": "GHSA-gxgp-m539-mj95", + "import_time": "2024-12-20T00:32:39.459121304Z", "modified_time": "2024-12-19T12:04:18Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "c04fd17707294cac66886e59d347bbfcaf6ac85121c28b4b665490794f5fb861", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/mockapie/MAL-0000-ghsa-malware-3c6ab6842511adb8.json b/osv/malicious/npm/mockapie/MAL-2024-12005.json similarity index 63% rename from osv/malicious/npm/mockapie/MAL-0000-ghsa-malware-3c6ab6842511adb8.json rename to osv/malicious/npm/mockapie/MAL-2024-12005.json index ec0fcc26d..8f12f55e4 100644 --- a/osv/malicious/npm/mockapie/MAL-0000-ghsa-malware-3c6ab6842511adb8.json +++ b/osv/malicious/npm/mockapie/MAL-2024-12005.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:09:48Z", "published": "2024-12-19T11:09:48Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12005", "aliases": [ "GHSA-fhmx-37cm-q95r" ], - "summary": "Malware in mockapie", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in mockapie (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (3c6ab6842511adb800a707783d5712c9ef0fab67ae37078975c9a8580aa6121f)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-fhmx-37cm-q95r" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "3c6ab6842511adb800a707783d5712c9ef0fab67ae37078975c9a8580aa6121f", - "import_time": "2024-12-20T00:32:39.443781256Z", "id": "GHSA-fhmx-37cm-q95r", + "import_time": "2024-12-20T00:32:39.443781256Z", "modified_time": "2024-12-19T11:09:48Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "3c6ab6842511adb800a707783d5712c9ef0fab67ae37078975c9a8580aa6121f", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/mryayaa/MAL-0000-ghsa-malware-46b23bd4fb6be2b8.json b/osv/malicious/npm/mryayaa/MAL-2024-12006.json similarity index 63% rename from osv/malicious/npm/mryayaa/MAL-0000-ghsa-malware-46b23bd4fb6be2b8.json rename to osv/malicious/npm/mryayaa/MAL-2024-12006.json index 74f2e7e73..8a3849061 100644 --- a/osv/malicious/npm/mryayaa/MAL-0000-ghsa-malware-46b23bd4fb6be2b8.json +++ b/osv/malicious/npm/mryayaa/MAL-2024-12006.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:02:23Z", "published": "2024-12-19T11:02:22Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12006", "aliases": [ "GHSA-4mg5-4rgx-w35m" ], - "summary": "Malware in mryayaa", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in mryayaa (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (46b23bd4fb6be2b851f9b03a238ff7c016376f9aebcc024488825a5ab2523674)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-4mg5-4rgx-w35m" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "46b23bd4fb6be2b851f9b03a238ff7c016376f9aebcc024488825a5ab2523674", - "import_time": "2024-12-20T00:32:39.381330023Z", "id": "GHSA-4mg5-4rgx-w35m", + "import_time": "2024-12-20T00:32:39.381330023Z", "modified_time": "2024-12-19T11:02:23Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "46b23bd4fb6be2b851f9b03a238ff7c016376f9aebcc024488825a5ab2523674", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/my-app-name/MAL-0000-ghsa-malware-e3b688286528def3.json b/osv/malicious/npm/my-app-name/MAL-2024-12007.json similarity index 63% rename from osv/malicious/npm/my-app-name/MAL-0000-ghsa-malware-e3b688286528def3.json rename to osv/malicious/npm/my-app-name/MAL-2024-12007.json index 5c7f9648d..02d41a162 100644 --- a/osv/malicious/npm/my-app-name/MAL-0000-ghsa-malware-e3b688286528def3.json +++ b/osv/malicious/npm/my-app-name/MAL-2024-12007.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:13:19Z", "published": "2024-12-19T11:13:19Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12007", "aliases": [ "GHSA-6f95-xqfm-5g66" ], - "summary": "Malware in my-app-name", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in my-app-name (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (e3b688286528def3945fc6d678e314a2678fdddd35def920c64e4c311a29d416)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-6f95-xqfm-5g66" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "e3b688286528def3945fc6d678e314a2678fdddd35def920c64e4c311a29d416", - "import_time": "2024-12-20T00:32:39.399510932Z", "id": "GHSA-6f95-xqfm-5g66", + "import_time": "2024-12-20T00:32:39.399510932Z", "modified_time": "2024-12-19T11:13:19Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "e3b688286528def3945fc6d678e314a2678fdddd35def920c64e4c311a29d416", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/nerd4node/MAL-0000-ghsa-malware-9212e7685c7fd131.json b/osv/malicious/npm/nerd4node/MAL-2024-12008.json similarity index 63% rename from osv/malicious/npm/nerd4node/MAL-0000-ghsa-malware-9212e7685c7fd131.json rename to osv/malicious/npm/nerd4node/MAL-2024-12008.json index bc60f6087..64a2091c8 100644 --- a/osv/malicious/npm/nerd4node/MAL-0000-ghsa-malware-9212e7685c7fd131.json +++ b/osv/malicious/npm/nerd4node/MAL-2024-12008.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:09:58Z", "published": "2024-12-19T11:09:48Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12008", "aliases": [ "GHSA-6w9g-cpfq-rc28" ], - "summary": "Malware in nerd4node", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in nerd4node (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (9212e7685c7fd13159cdd6b31f5c0b398be7266d6fcbab454def7f7d8fa1a781)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-6w9g-cpfq-rc28" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "9212e7685c7fd13159cdd6b31f5c0b398be7266d6fcbab454def7f7d8fa1a781", - "import_time": "2024-12-20T00:32:39.401341386Z", "id": "GHSA-6w9g-cpfq-rc28", + "import_time": "2024-12-20T00:32:39.401341386Z", "modified_time": "2024-12-19T11:09:58Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "9212e7685c7fd13159cdd6b31f5c0b398be7266d6fcbab454def7f7d8fa1a781", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/network-test-poc/MAL-0000-ghsa-malware-0f3556105e3d88ae.json b/osv/malicious/npm/network-test-poc/MAL-2024-12009.json similarity index 63% rename from osv/malicious/npm/network-test-poc/MAL-0000-ghsa-malware-0f3556105e3d88ae.json rename to osv/malicious/npm/network-test-poc/MAL-2024-12009.json index 5702bbf78..6172d125a 100644 --- a/osv/malicious/npm/network-test-poc/MAL-0000-ghsa-malware-0f3556105e3d88ae.json +++ b/osv/malicious/npm/network-test-poc/MAL-2024-12009.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:06:24Z", "published": "2024-12-19T12:06:23Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12009", "aliases": [ "GHSA-ch67-vq73-q3g7" ], - "summary": "Malware in network-test-poc", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in network-test-poc (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (0f3556105e3d88ae9ead88263d04cf512babaad83e9f169da9751c0b6d86e022)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-ch67-vq73-q3g7" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "0f3556105e3d88ae9ead88263d04cf512babaad83e9f169da9751c0b6d86e022", - "import_time": "2024-12-20T00:32:39.433587266Z", "id": "GHSA-ch67-vq73-q3g7", + "import_time": "2024-12-20T00:32:39.433587266Z", "modified_time": "2024-12-19T12:06:24Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "0f3556105e3d88ae9ead88263d04cf512babaad83e9f169da9751c0b6d86e022", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/nextjs-app-router/MAL-0000-ghsa-malware-1be3a353ab6fd3d5.json b/osv/malicious/npm/nextjs-app-router/MAL-2024-12010.json similarity index 63% rename from osv/malicious/npm/nextjs-app-router/MAL-0000-ghsa-malware-1be3a353ab6fd3d5.json rename to osv/malicious/npm/nextjs-app-router/MAL-2024-12010.json index 8e6cf1eaa..1e77d5caf 100644 --- a/osv/malicious/npm/nextjs-app-router/MAL-0000-ghsa-malware-1be3a353ab6fd3d5.json +++ b/osv/malicious/npm/nextjs-app-router/MAL-2024-12010.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:52:28Z", "published": "2024-12-19T10:52:27Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12010", "aliases": [ "GHSA-v3p5-whjf-q3cw" ], - "summary": "Malware in nextjs-app-router", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in nextjs-app-router (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (1be3a353ab6fd3d56d1698543312d483fa52ee3aa1fbc09c0d9efbf8c6b99e33)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-v3p5-whjf-q3cw" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "1be3a353ab6fd3d56d1698543312d483fa52ee3aa1fbc09c0d9efbf8c6b99e33", - "import_time": "2024-12-20T00:32:39.509448521Z", "id": "GHSA-v3p5-whjf-q3cw", + "import_time": "2024-12-20T00:32:39.509448521Z", "modified_time": "2024-12-19T10:52:28Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "1be3a353ab6fd3d56d1698543312d483fa52ee3aa1fbc09c0d9efbf8c6b99e33", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/nimiq-rewards-calculator/MAL-0000-ghsa-malware-d950995f06dd02bf.json b/osv/malicious/npm/nimiq-rewards-calculator/MAL-2024-12011.json similarity index 63% rename from osv/malicious/npm/nimiq-rewards-calculator/MAL-0000-ghsa-malware-d950995f06dd02bf.json rename to osv/malicious/npm/nimiq-rewards-calculator/MAL-2024-12011.json index 0147a6644..23fa5a6c9 100644 --- a/osv/malicious/npm/nimiq-rewards-calculator/MAL-0000-ghsa-malware-d950995f06dd02bf.json +++ b/osv/malicious/npm/nimiq-rewards-calculator/MAL-2024-12011.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:12:45Z", "published": "2024-12-19T11:12:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12011", "aliases": [ "GHSA-h3rx-wcww-gjf3" ], - "summary": "Malware in nimiq-rewards-calculator", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in nimiq-rewards-calculator (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d950995f06dd02bfab4e652ede8b9806d3cdd50d46d63c8f03da915e20a25da2)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-h3rx-wcww-gjf3" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d950995f06dd02bfab4e652ede8b9806d3cdd50d46d63c8f03da915e20a25da2", - "import_time": "2024-12-20T00:32:39.460655609Z", "id": "GHSA-h3rx-wcww-gjf3", + "import_time": "2024-12-20T00:32:39.460655609Z", "modified_time": "2024-12-19T11:12:45Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d950995f06dd02bfab4e652ede8b9806d3cdd50d46d63c8f03da915e20a25da2", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/nylas-private-fonts/MAL-0000-ghsa-malware-3ee1ef8c0550ca23.json b/osv/malicious/npm/nylas-private-fonts/MAL-0000-ghsa-malware-3ee1ef8c0550ca23.json deleted file mode 100644 index b9482306a..000000000 --- a/osv/malicious/npm/nylas-private-fonts/MAL-0000-ghsa-malware-3ee1ef8c0550ca23.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T12:09:49Z", - "published": "2024-12-19T12:09:38Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-rm88-4vr9-2rwg" - ], - "summary": "Malware in nylas-private-fonts", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "nylas-private-fonts" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-rm88-4vr9-2rwg" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-rm88-4vr9-2rwg" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "3ee1ef8c0550ca23a398f277c0c95ff8234e2cfe0131ba08cfa0d0c2c327aa43", - "import_time": "2024-12-20T00:32:39.507237537Z", - "id": "GHSA-rm88-4vr9-2rwg", - "modified_time": "2024-12-19T12:09:49Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/nylas-private-fonts/MAL-2024-10896.json b/osv/malicious/npm/nylas-private-fonts/MAL-2024-10896.json index 0b6612ce0..2d0ee2495 100644 --- a/osv/malicious/npm/nylas-private-fonts/MAL-2024-10896.json +++ b/osv/malicious/npm/nylas-private-fonts/MAL-2024-10896.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-24T18:37:11Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-11-24T18:37:11Z", "schema_version": "1.5.0", "id": "MAL-2024-10896", + "aliases": [ + "GHSA-rm88-4vr9-2rwg" + ], "summary": "Malicious code in nylas-private-fonts (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (8ab4014737a8b84952db6c28c07ced451b5823e701e1da40c22d913fe9236c7c)\nThe OpenSSF Package Analysis project identified 'nylas-private-fonts' @ 1.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (3ee1ef8c0550ca23a398f277c0c95ff8234e2cfe0131ba08cfa0d0c2c327aa43)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (8ab4014737a8b84952db6c28c07ced451b5823e701e1da40c22d913fe9236c7c)\nThe OpenSSF Package Analysis project identified 'nylas-private-fonts' @ 1.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "nylas-private-fonts" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.1.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rm88-4vr9-2rwg" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "8ab4014737a8b84952db6c28c07ced451b5823e701e1da40c22d913fe9236c7c", "import_time": "2024-11-24T18:37:47.049977755Z", "modified_time": "2024-11-24T18:37:11Z", - "sha256": "8ab4014737a8b84952db6c28c07ced451b5823e701e1da40c22d913fe9236c7c", - "source": "ossf-package-analysis", "versions": [ "1.1.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "3ee1ef8c0550ca23a398f277c0c95ff8234e2cfe0131ba08cfa0d0c2c327aa43", + "import_time": "2024-12-20T00:32:39.507237537Z", + "id": "GHSA-rm88-4vr9-2rwg", + "modified_time": "2024-12-19T12:09:49Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/nylas-private-sounds/MAL-0000-ghsa-malware-612de4025068333f.json b/osv/malicious/npm/nylas-private-sounds/MAL-0000-ghsa-malware-612de4025068333f.json deleted file mode 100644 index dbfe766b4..000000000 --- a/osv/malicious/npm/nylas-private-sounds/MAL-0000-ghsa-malware-612de4025068333f.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T12:09:39Z", - "published": "2024-12-19T12:09:38Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-q2qq-hc68-vj56" - ], - "summary": "Malware in nylas-private-sounds", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "nylas-private-sounds" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-q2qq-hc68-vj56" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-q2qq-hc68-vj56" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "612de4025068333f24bd17ea9b89669c891d1b53d78404a37c1dfaf655126501", - "import_time": "2024-12-20T00:32:39.491658471Z", - "id": "GHSA-q2qq-hc68-vj56", - "modified_time": "2024-12-19T12:09:39Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/nylas-private-sounds/MAL-2024-10897.json b/osv/malicious/npm/nylas-private-sounds/MAL-2024-10897.json index 651be1080..668327073 100644 --- a/osv/malicious/npm/nylas-private-sounds/MAL-2024-10897.json +++ b/osv/malicious/npm/nylas-private-sounds/MAL-2024-10897.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-24T18:30:53Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-11-24T18:30:53Z", "schema_version": "1.5.0", "id": "MAL-2024-10897", + "aliases": [ + "GHSA-q2qq-hc68-vj56" + ], "summary": "Malicious code in nylas-private-sounds (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (69d6d5dde68997e3a393799153358d0d974380ca42fdea4b330f6c26b40c4892)\nThe OpenSSF Package Analysis project identified 'nylas-private-sounds' @ 1.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (612de4025068333f24bd17ea9b89669c891d1b53d78404a37c1dfaf655126501)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (69d6d5dde68997e3a393799153358d0d974380ca42fdea4b330f6c26b40c4892)\nThe OpenSSF Package Analysis project identified 'nylas-private-sounds' @ 1.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "nylas-private-sounds" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.1.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-q2qq-hc68-vj56" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "69d6d5dde68997e3a393799153358d0d974380ca42fdea4b330f6c26b40c4892", "import_time": "2024-11-24T18:37:46.936852746Z", "modified_time": "2024-11-24T18:30:53Z", - "sha256": "69d6d5dde68997e3a393799153358d0d974380ca42fdea4b330f6c26b40c4892", - "source": "ossf-package-analysis", "versions": [ "1.1.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "612de4025068333f24bd17ea9b89669c891d1b53d78404a37c1dfaf655126501", + "import_time": "2024-12-20T00:32:39.491658471Z", + "id": "GHSA-q2qq-hc68-vj56", + "modified_time": "2024-12-19T12:09:39Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/o-share/MAL-0000-ghsa-malware-06086385d6d0eae5.json b/osv/malicious/npm/o-share/MAL-2024-12012.json similarity index 63% rename from osv/malicious/npm/o-share/MAL-0000-ghsa-malware-06086385d6d0eae5.json rename to osv/malicious/npm/o-share/MAL-2024-12012.json index fa97651a7..a7c74864b 100644 --- a/osv/malicious/npm/o-share/MAL-0000-ghsa-malware-06086385d6d0eae5.json +++ b/osv/malicious/npm/o-share/MAL-2024-12012.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:14:06Z", "published": "2024-12-19T12:14:06Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12012", "aliases": [ "GHSA-w7cf-crc9-4wrp" ], - "summary": "Malware in o-share", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in o-share (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (06086385d6d0eae5259f2f99cd6e307f57d5290aa66966c69fb517d502714d4b)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-w7cf-crc9-4wrp" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "06086385d6d0eae5259f2f99cd6e307f57d5290aa66966c69fb517d502714d4b", - "import_time": "2024-12-20T00:32:39.519019961Z", "id": "GHSA-w7cf-crc9-4wrp", + "import_time": "2024-12-20T00:32:39.519019961Z", "modified_time": "2024-12-19T12:14:06Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "06086385d6d0eae5259f2f99cd6e307f57d5290aa66966c69fb517d502714d4b", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/oj-odcs-category-selector/MAL-0000-ghsa-malware-a60a93d78df8a9fd.json b/osv/malicious/npm/oj-odcs-category-selector/MAL-2024-12013.json similarity index 63% rename from osv/malicious/npm/oj-odcs-category-selector/MAL-0000-ghsa-malware-a60a93d78df8a9fd.json rename to osv/malicious/npm/oj-odcs-category-selector/MAL-2024-12013.json index 2155af6ac..cc1302a63 100644 --- a/osv/malicious/npm/oj-odcs-category-selector/MAL-0000-ghsa-malware-a60a93d78df8a9fd.json +++ b/osv/malicious/npm/oj-odcs-category-selector/MAL-2024-12013.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:11:44Z", "published": "2024-12-19T12:11:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12013", "aliases": [ "GHSA-f579-7pwf-gqcc" ], - "summary": "Malware in oj-odcs-category-selector", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in oj-odcs-category-selector (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (a60a93d78df8a9fddce4544e346f4e972b8d22bc721038cc23b9461ffdd9dcad)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-f579-7pwf-gqcc" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "a60a93d78df8a9fddce4544e346f4e972b8d22bc721038cc23b9461ffdd9dcad", - "import_time": "2024-12-20T00:32:39.441304397Z", "id": "GHSA-f579-7pwf-gqcc", + "import_time": "2024-12-20T00:32:39.441304397Z", "modified_time": "2024-12-19T12:11:44Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "a60a93d78df8a9fddce4544e346f4e972b8d22bc721038cc23b9461ffdd9dcad", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/oj-odcs-fontawesome/MAL-0000-ghsa-malware-305cca77ffd82127.json b/osv/malicious/npm/oj-odcs-fontawesome/MAL-2024-12014.json similarity index 63% rename from osv/malicious/npm/oj-odcs-fontawesome/MAL-0000-ghsa-malware-305cca77ffd82127.json rename to osv/malicious/npm/oj-odcs-fontawesome/MAL-2024-12014.json index bf10cd6e7..4d8ad9fc6 100644 --- a/osv/malicious/npm/oj-odcs-fontawesome/MAL-0000-ghsa-malware-305cca77ffd82127.json +++ b/osv/malicious/npm/oj-odcs-fontawesome/MAL-2024-12014.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:11:54Z", "published": "2024-12-19T12:11:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12014", "aliases": [ "GHSA-8h4p-c3fx-g6c6" ], - "summary": "Malware in oj-odcs-fontawesome", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in oj-odcs-fontawesome (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (305cca77ffd82127e64a3a925db786f7045fdb77cfcbdb5d968a8a785164e69b)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-8h4p-c3fx-g6c6" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "305cca77ffd82127e64a3a925db786f7045fdb77cfcbdb5d968a8a785164e69b", - "import_time": "2024-12-20T00:32:39.415306658Z", "id": "GHSA-8h4p-c3fx-g6c6", + "import_time": "2024-12-20T00:32:39.415306658Z", "modified_time": "2024-12-19T12:11:54Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "305cca77ffd82127e64a3a925db786f7045fdb77cfcbdb5d968a8a785164e69b", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/oj-odcs-linked-text/MAL-0000-ghsa-malware-d17c600cc0be1869.json b/osv/malicious/npm/oj-odcs-linked-text/MAL-2024-12015.json similarity index 63% rename from osv/malicious/npm/oj-odcs-linked-text/MAL-0000-ghsa-malware-d17c600cc0be1869.json rename to osv/malicious/npm/oj-odcs-linked-text/MAL-2024-12015.json index 54a4715c2..8148920f6 100644 --- a/osv/malicious/npm/oj-odcs-linked-text/MAL-0000-ghsa-malware-d17c600cc0be1869.json +++ b/osv/malicious/npm/oj-odcs-linked-text/MAL-2024-12015.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:11:54Z", "published": "2024-12-19T12:11:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12015", "aliases": [ "GHSA-fvv7-vmjm-mj7f" ], - "summary": "Malware in oj-odcs-linked-text", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in oj-odcs-linked-text (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d17c600cc0be18696e4ab114d64ad488bd7f257bd8bfe509b372437fb919b0ec)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-fvv7-vmjm-mj7f" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d17c600cc0be18696e4ab114d64ad488bd7f257bd8bfe509b372437fb919b0ec", - "import_time": "2024-12-20T00:32:39.448308844Z", "id": "GHSA-fvv7-vmjm-mj7f", + "import_time": "2024-12-20T00:32:39.448308844Z", "modified_time": "2024-12-19T12:11:54Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d17c600cc0be18696e4ab114d64ad488bd7f257bd8bfe509b372437fb919b0ec", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/oj-odcs-product-selector/MAL-0000-ghsa-malware-709903d8ce577ec3.json b/osv/malicious/npm/oj-odcs-product-selector/MAL-2024-12016.json similarity index 63% rename from osv/malicious/npm/oj-odcs-product-selector/MAL-0000-ghsa-malware-709903d8ce577ec3.json rename to osv/malicious/npm/oj-odcs-product-selector/MAL-2024-12016.json index 6f6d19b77..5cd57cb06 100644 --- a/osv/malicious/npm/oj-odcs-product-selector/MAL-0000-ghsa-malware-709903d8ce577ec3.json +++ b/osv/malicious/npm/oj-odcs-product-selector/MAL-2024-12016.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:11:44Z", "published": "2024-12-19T12:11:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12016", "aliases": [ "GHSA-c9mr-2gmq-fg49" ], - "summary": "Malware in oj-odcs-product-selector", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in oj-odcs-product-selector (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (709903d8ce577ec3a287d787ad000d277c61e0c9a427262948b5e61986e5f320)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-c9mr-2gmq-fg49" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "709903d8ce577ec3a287d787ad000d277c61e0c9a427262948b5e61986e5f320", - "import_time": "2024-12-20T00:32:39.432617512Z", "id": "GHSA-c9mr-2gmq-fg49", + "import_time": "2024-12-20T00:32:39.432617512Z", "modified_time": "2024-12-19T12:11:44Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "709903d8ce577ec3a287d787ad000d277c61e0c9a427262948b5e61986e5f320", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/oj-odcs-selector-common/MAL-0000-ghsa-malware-03e1915e461fd9e5.json b/osv/malicious/npm/oj-odcs-selector-common/MAL-2024-12017.json similarity index 63% rename from osv/malicious/npm/oj-odcs-selector-common/MAL-0000-ghsa-malware-03e1915e461fd9e5.json rename to osv/malicious/npm/oj-odcs-selector-common/MAL-2024-12017.json index b30db1a83..09a90070c 100644 --- a/osv/malicious/npm/oj-odcs-selector-common/MAL-0000-ghsa-malware-03e1915e461fd9e5.json +++ b/osv/malicious/npm/oj-odcs-selector-common/MAL-2024-12017.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:11:54Z", "published": "2024-12-19T12:11:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12017", "aliases": [ "GHSA-2gq2-985p-vhg2" ], - "summary": "Malware in oj-odcs-selector-common", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in oj-odcs-selector-common (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (03e1915e461fd9e5e3cabf5ac88ddcb40add1449d47b7773f28d095c1473c23b)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-2gq2-985p-vhg2" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "03e1915e461fd9e5e3cabf5ac88ddcb40add1449d47b7773f28d095c1473c23b", - "import_time": "2024-12-20T00:32:39.363290891Z", "id": "GHSA-2gq2-985p-vhg2", + "import_time": "2024-12-20T00:32:39.363290891Z", "modified_time": "2024-12-19T12:11:54Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "03e1915e461fd9e5e3cabf5ac88ddcb40add1449d47b7773f28d095c1473c23b", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/openpass-sample-sites-client-js-sdk/MAL-0000-ghsa-malware-22761b2b3783be8f.json b/osv/malicious/npm/openpass-sample-sites-client-js-sdk/MAL-0000-ghsa-malware-22761b2b3783be8f.json deleted file mode 100644 index cf23a2de2..000000000 --- a/osv/malicious/npm/openpass-sample-sites-client-js-sdk/MAL-0000-ghsa-malware-22761b2b3783be8f.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T12:12:56Z", - "published": "2024-12-19T12:12:55Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-896c-6828-g8hr" - ], - "summary": "Malware in openpass-sample-sites-client-js-sdk", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "openpass-sample-sites-client-js-sdk" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-896c-6828-g8hr" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-896c-6828-g8hr" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "22761b2b3783be8fe56b0c5a6dcf9a5ad086a0be989ebb32123064f9800a7a1e", - "import_time": "2024-12-20T00:32:39.412827085Z", - "id": "GHSA-896c-6828-g8hr", - "modified_time": "2024-12-19T12:12:56Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/openpass-sample-sites-client-js-sdk/MAL-2024-11218.json b/osv/malicious/npm/openpass-sample-sites-client-js-sdk/MAL-2024-11218.json index 2a3fff079..b32ea3cad 100644 --- a/osv/malicious/npm/openpass-sample-sites-client-js-sdk/MAL-2024-11218.json +++ b/osv/malicious/npm/openpass-sample-sites-client-js-sdk/MAL-2024-11218.json @@ -1,20 +1,48 @@ { - "modified": "2024-12-08T12:46:35Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-06T04:06:53Z", "schema_version": "1.5.0", "id": "MAL-2024-11218", + "aliases": [ + "GHSA-896c-6828-g8hr" + ], "summary": "Malicious code in openpass-sample-sites-client-js-sdk (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (6dc71090f3c22a0b288ed6e8cd617d70c697b3014f36bc82b80c8fae645cb11f)\nThe OpenSSF Package Analysis project identified 'openpass-sample-sites-client-js-sdk' @ 2.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (22761b2b3783be8fe56b0c5a6dcf9a5ad086a0be989ebb32123064f9800a7a1e)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (6dc71090f3c22a0b288ed6e8cd617d70c697b3014f36bc82b80c8fae645cb11f)\nThe OpenSSF Package Analysis project identified 'openpass-sample-sites-client-js-sdk' @ 2.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "openpass-sample-sites-client-js-sdk" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "2.0.0", "2.0.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-896c-6828-g8hr" } ], "credits": [ @@ -46,6 +74,23 @@ "versions": [ "2.0.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "22761b2b3783be8fe56b0c5a6dcf9a5ad086a0be989ebb32123064f9800a7a1e", + "import_time": "2024-12-20T00:32:39.412827085Z", + "id": "GHSA-896c-6828-g8hr", + "modified_time": "2024-12-19T12:12:56Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/openpass-sample-sites-piano-io/MAL-0000-ghsa-malware-49f0304f3f60bf5d.json b/osv/malicious/npm/openpass-sample-sites-piano-io/MAL-0000-ghsa-malware-49f0304f3f60bf5d.json deleted file mode 100644 index f32653548..000000000 --- a/osv/malicious/npm/openpass-sample-sites-piano-io/MAL-0000-ghsa-malware-49f0304f3f60bf5d.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T12:12:55Z", - "published": "2024-12-19T12:12:55Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-wcc5-9jhg-gh4j" - ], - "summary": "Malware in openpass-sample-sites-piano-io", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "openpass-sample-sites-piano-io" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-wcc5-9jhg-gh4j" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-wcc5-9jhg-gh4j" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "49f0304f3f60bf5d349bb9e70fe90a204d906a2213b87d66e41afe3b0c1ddc8e", - "import_time": "2024-12-20T00:32:39.521770215Z", - "id": "GHSA-wcc5-9jhg-gh4j", - "modified_time": "2024-12-19T12:12:55Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/openpass-sample-sites-piano-io/MAL-2024-11214.json b/osv/malicious/npm/openpass-sample-sites-piano-io/MAL-2024-11214.json index 7886f1480..f6aa9f09a 100644 --- a/osv/malicious/npm/openpass-sample-sites-piano-io/MAL-2024-11214.json +++ b/osv/malicious/npm/openpass-sample-sites-piano-io/MAL-2024-11214.json @@ -1,16 +1,29 @@ { - "modified": "2024-12-09T20:06:58Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-06T03:30:50Z", "schema_version": "1.5.0", "id": "MAL-2024-11214", + "aliases": [ + "GHSA-wcc5-9jhg-gh4j" + ], "summary": "Malicious code in openpass-sample-sites-piano-io (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (bac0ccb1d7f6789762c97503eaad2060a515aec038d43118bdc90d7076cdf334)\nThe OpenSSF Package Analysis project identified 'openpass-sample-sites-piano-io' @ 2.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (49f0304f3f60bf5d349bb9e70fe90a204d906a2213b87d66e41afe3b0c1ddc8e)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (bac0ccb1d7f6789762c97503eaad2060a515aec038d43118bdc90d7076cdf334)\nThe OpenSSF Package Analysis project identified 'openpass-sample-sites-piano-io' @ 2.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "openpass-sample-sites-piano-io" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "2.0.1", "2.0.5", @@ -18,7 +31,22 @@ "2.1.0", "2.1.3", "2.1.4" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wcc5-9jhg-gh4j" } ], "credits": [ @@ -86,6 +114,23 @@ "versions": [ "2.1.4" ] + }, + { + "source": "ghsa-malware", + "sha256": "49f0304f3f60bf5d349bb9e70fe90a204d906a2213b87d66e41afe3b0c1ddc8e", + "import_time": "2024-12-20T00:32:39.521770215Z", + "id": "GHSA-wcc5-9jhg-gh4j", + "modified_time": "2024-12-19T12:12:55Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/otc-echo/MAL-0000-ghsa-malware-0b0e38efe6cfc624.json b/osv/malicious/npm/otc-echo/MAL-2024-12018.json similarity index 63% rename from osv/malicious/npm/otc-echo/MAL-0000-ghsa-malware-0b0e38efe6cfc624.json rename to osv/malicious/npm/otc-echo/MAL-2024-12018.json index 34404ba00..864ef57d6 100644 --- a/osv/malicious/npm/otc-echo/MAL-0000-ghsa-malware-0b0e38efe6cfc624.json +++ b/osv/malicious/npm/otc-echo/MAL-2024-12018.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:21:55Z", "published": "2024-12-19T11:21:55Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12018", "aliases": [ "GHSA-5cjj-5j5c-2vhc" ], - "summary": "Malware in otc-echo", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in otc-echo (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (0b0e38efe6cfc6243284d736f8569dc30c9f94b10388d60d4f0f323fbb84cf5c)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-5cjj-5j5c-2vhc" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "0b0e38efe6cfc6243284d736f8569dc30c9f94b10388d60d4f0f323fbb84cf5c", - "import_time": "2024-12-20T00:32:39.391852002Z", "id": "GHSA-5cjj-5j5c-2vhc", + "import_time": "2024-12-20T00:32:39.391852002Z", "modified_time": "2024-12-19T11:21:55Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "0b0e38efe6cfc6243284d736f8569dc30c9f94b10388d60d4f0f323fbb84cf5c", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/owc-gravityforms-zaaksysteem/MAL-0000-ghsa-malware-673deef983f16eb6.json b/osv/malicious/npm/owc-gravityforms-zaaksysteem/MAL-2024-12019.json similarity index 63% rename from osv/malicious/npm/owc-gravityforms-zaaksysteem/MAL-0000-ghsa-malware-673deef983f16eb6.json rename to osv/malicious/npm/owc-gravityforms-zaaksysteem/MAL-2024-12019.json index 211312161..3126872c1 100644 --- a/osv/malicious/npm/owc-gravityforms-zaaksysteem/MAL-0000-ghsa-malware-673deef983f16eb6.json +++ b/osv/malicious/npm/owc-gravityforms-zaaksysteem/MAL-2024-12019.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:52:28Z", "published": "2024-12-19T09:52:28Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12019", "aliases": [ "GHSA-vwcm-fh4p-vq38" ], - "summary": "Malware in owc-gravityforms-zaaksysteem", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in owc-gravityforms-zaaksysteem (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (673deef983f16eb6d5cd07cd47da2ad7ed5dae42fbbaac79e1ca22c1db7db6e5)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-vwcm-fh4p-vq38" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "673deef983f16eb6d5cd07cd47da2ad7ed5dae42fbbaac79e1ca22c1db7db6e5", - "import_time": "2024-12-20T00:32:39.514648657Z", "id": "GHSA-vwcm-fh4p-vq38", + "import_time": "2024-12-20T00:32:39.514648657Z", "modified_time": "2024-12-19T09:52:28Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "673deef983f16eb6d5cd07cd47da2ad7ed5dae42fbbaac79e1ca22c1db7db6e5", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/passport-openpass-example/MAL-0000-ghsa-malware-0761835d95103228.json b/osv/malicious/npm/passport-openpass-example/MAL-0000-ghsa-malware-0761835d95103228.json deleted file mode 100644 index 58df8da2e..000000000 --- a/osv/malicious/npm/passport-openpass-example/MAL-0000-ghsa-malware-0761835d95103228.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T12:12:56Z", - "published": "2024-12-19T12:12:56Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-fv43-5cg9-q2v4" - ], - "summary": "Malware in passport-openpass-example", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "passport-openpass-example" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-fv43-5cg9-q2v4" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-fv43-5cg9-q2v4" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "0761835d95103228401a69c1b951451a6a5698da0f7edec16514d5072d6b6051", - "import_time": "2024-12-20T00:32:39.446472324Z", - "id": "GHSA-fv43-5cg9-q2v4", - "modified_time": "2024-12-19T12:12:56Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/passport-openpass-example/MAL-2024-11756.json b/osv/malicious/npm/passport-openpass-example/MAL-2024-11756.json index d660b0f2f..fb072f9b6 100644 --- a/osv/malicious/npm/passport-openpass-example/MAL-2024-11756.json +++ b/osv/malicious/npm/passport-openpass-example/MAL-2024-11756.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-09T23:08:01Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-09T23:08:01Z", "schema_version": "1.5.0", "id": "MAL-2024-11756", + "aliases": [ + "GHSA-fv43-5cg9-q2v4" + ], "summary": "Malicious code in passport-openpass-example (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (458aa65dba9f7a869cf72b4079659545e4054e1f192ff8bd3ac6b360e99feb1c)\nThe OpenSSF Package Analysis project identified 'passport-openpass-example' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (0761835d95103228401a69c1b951451a6a5698da0f7edec16514d5072d6b6051)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (458aa65dba9f7a869cf72b4079659545e4054e1f192ff8bd3ac6b360e99feb1c)\nThe OpenSSF Package Analysis project identified 'passport-openpass-example' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "passport-openpass-example" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.0.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-fv43-5cg9-q2v4" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "458aa65dba9f7a869cf72b4079659545e4054e1f192ff8bd3ac6b360e99feb1c", "import_time": "2024-12-09T23:34:54.100171858Z", "modified_time": "2024-12-09T23:08:01Z", - "sha256": "458aa65dba9f7a869cf72b4079659545e4054e1f192ff8bd3ac6b360e99feb1c", - "source": "ossf-package-analysis", "versions": [ "1.0.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "0761835d95103228401a69c1b951451a6a5698da0f7edec16514d5072d6b6051", + "import_time": "2024-12-20T00:32:39.446472324Z", + "id": "GHSA-fv43-5cg9-q2v4", + "modified_time": "2024-12-19T12:12:56Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/payment-tx-params-api/MAL-0000-ghsa-malware-6861efcfa7f8e30a.json b/osv/malicious/npm/payment-tx-params-api/MAL-2024-12020.json similarity index 63% rename from osv/malicious/npm/payment-tx-params-api/MAL-0000-ghsa-malware-6861efcfa7f8e30a.json rename to osv/malicious/npm/payment-tx-params-api/MAL-2024-12020.json index d7fa8947d..d5c4c0173 100644 --- a/osv/malicious/npm/payment-tx-params-api/MAL-0000-ghsa-malware-6861efcfa7f8e30a.json +++ b/osv/malicious/npm/payment-tx-params-api/MAL-2024-12020.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:52:28Z", "published": "2024-12-19T10:52:27Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12020", "aliases": [ "GHSA-h55j-qxjx-c6vj" ], - "summary": "Malware in payment-tx-params-api", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in payment-tx-params-api (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (6861efcfa7f8e30a646e9a76387e80446245c2f7ce4966e55da1c8e6d34fcd9b)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-h55j-qxjx-c6vj" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "6861efcfa7f8e30a646e9a76387e80446245c2f7ce4966e55da1c8e6d34fcd9b", - "import_time": "2024-12-20T00:32:39.461465857Z", "id": "GHSA-h55j-qxjx-c6vj", + "import_time": "2024-12-20T00:32:39.461465857Z", "modified_time": "2024-12-19T10:52:28Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "6861efcfa7f8e30a646e9a76387e80446245c2f7ce4966e55da1c8e6d34fcd9b", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/playwright-1.45/MAL-0000-ghsa-malware-a60a2a7e0e26a325.json b/osv/malicious/npm/playwright-1.45/MAL-0000-ghsa-malware-a60a2a7e0e26a325.json deleted file mode 100644 index 1a25e5a95..000000000 --- a/osv/malicious/npm/playwright-1.45/MAL-0000-ghsa-malware-a60a2a7e0e26a325.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:46:17Z", - "published": "2024-12-19T11:46:12Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-837v-p99r-7m63" - ], - "summary": "Malware in playwright-1.45", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "playwright-1.45" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-837v-p99r-7m63" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-837v-p99r-7m63" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "a60a2a7e0e26a3252aaec3534c214513245613c9850f72abbdefc21de170d304", - "import_time": "2024-12-20T00:32:39.410151657Z", - "id": "GHSA-837v-p99r-7m63", - "modified_time": "2024-12-19T11:46:17Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/playwright-1.45/MAL-2024-11772.json b/osv/malicious/npm/playwright-1.45/MAL-2024-11772.json index 74c1f2054..8a3a1725a 100644 --- a/osv/malicious/npm/playwright-1.45/MAL-2024-11772.json +++ b/osv/malicious/npm/playwright-1.45/MAL-2024-11772.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-09T06:28:34Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-09T06:28:34Z", "schema_version": "1.5.0", "id": "MAL-2024-11772", + "aliases": [ + "GHSA-837v-p99r-7m63" + ], "summary": "Malicious code in playwright-1.45 (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (63f58d5d000d52280affc300c0f7147d5db3f8f1bf7a6a6c16e525f087282123)\nThe OpenSSF Package Analysis project identified 'playwright-1.45' @ 10.1.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (a60a2a7e0e26a3252aaec3534c214513245613c9850f72abbdefc21de170d304)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (63f58d5d000d52280affc300c0f7147d5db3f8f1bf7a6a6c16e525f087282123)\nThe OpenSSF Package Analysis project identified 'playwright-1.45' @ 10.1.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "playwright-1.45" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "10.1.3" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-837v-p99r-7m63" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "63f58d5d000d52280affc300c0f7147d5db3f8f1bf7a6a6c16e525f087282123", "import_time": "2024-12-11T00:49:35.524010712Z", "modified_time": "2024-12-09T06:28:34Z", - "sha256": "63f58d5d000d52280affc300c0f7147d5db3f8f1bf7a6a6c16e525f087282123", - "source": "ossf-package-analysis", "versions": [ "10.1.3" ] + }, + { + "source": "ghsa-malware", + "sha256": "a60a2a7e0e26a3252aaec3534c214513245613c9850f72abbdefc21de170d304", + "import_time": "2024-12-20T00:32:39.410151657Z", + "id": "GHSA-837v-p99r-7m63", + "modified_time": "2024-12-19T11:46:17Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/playwright-1.46/MAL-0000-ghsa-malware-1b54a73f91f92e32.json b/osv/malicious/npm/playwright-1.46/MAL-0000-ghsa-malware-1b54a73f91f92e32.json deleted file mode 100644 index a0d9d999c..000000000 --- a/osv/malicious/npm/playwright-1.46/MAL-0000-ghsa-malware-1b54a73f91f92e32.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T13:17:14Z", - "published": "2024-12-19T13:17:14Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-wq42-hwhv-vfph" - ], - "summary": "Malware in playwright-1.46", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "playwright-1.46" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-wq42-hwhv-vfph" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-wq42-hwhv-vfph" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "1b54a73f91f92e3252ca7711496e9a2cc0e1eabd2637f94a2bfdce96d1a94791", - "import_time": "2024-12-20T00:32:39.526184512Z", - "id": "GHSA-wq42-hwhv-vfph", - "modified_time": "2024-12-19T13:17:14Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/playwright-1.46/MAL-2024-11773.json b/osv/malicious/npm/playwright-1.46/MAL-2024-11773.json index fc589f1aa..226634aa5 100644 --- a/osv/malicious/npm/playwright-1.46/MAL-2024-11773.json +++ b/osv/malicious/npm/playwright-1.46/MAL-2024-11773.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-09T06:53:21Z", + "modified": "2024-12-20T00:33:12Z", "published": "2024-12-09T06:53:21Z", "schema_version": "1.5.0", "id": "MAL-2024-11773", + "aliases": [ + "GHSA-wq42-hwhv-vfph" + ], "summary": "Malicious code in playwright-1.46 (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (6fe20ee214afb1f54aac5a280a2aa90855693f3ff9340b198df07a41267795b6)\nThe OpenSSF Package Analysis project identified 'playwright-1.46' @ 7.2.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (1b54a73f91f92e3252ca7711496e9a2cc0e1eabd2637f94a2bfdce96d1a94791)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (6fe20ee214afb1f54aac5a280a2aa90855693f3ff9340b198df07a41267795b6)\nThe OpenSSF Package Analysis project identified 'playwright-1.46' @ 7.2.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "playwright-1.46" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "7.2.7" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wq42-hwhv-vfph" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "6fe20ee214afb1f54aac5a280a2aa90855693f3ff9340b198df07a41267795b6", "import_time": "2024-12-11T00:49:35.626795423Z", "modified_time": "2024-12-09T06:53:21Z", - "sha256": "6fe20ee214afb1f54aac5a280a2aa90855693f3ff9340b198df07a41267795b6", - "source": "ossf-package-analysis", "versions": [ "7.2.7" ] + }, + { + "source": "ghsa-malware", + "sha256": "1b54a73f91f92e3252ca7711496e9a2cc0e1eabd2637f94a2bfdce96d1a94791", + "import_time": "2024-12-20T00:32:39.526184512Z", + "id": "GHSA-wq42-hwhv-vfph", + "modified_time": "2024-12-19T13:17:14Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/playwright-1.47/MAL-0000-ghsa-malware-838a2bf47ce546af.json b/osv/malicious/npm/playwright-1.47/MAL-0000-ghsa-malware-838a2bf47ce546af.json deleted file mode 100644 index 048c06401..000000000 --- a/osv/malicious/npm/playwright-1.47/MAL-0000-ghsa-malware-838a2bf47ce546af.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:58:23Z", - "published": "2024-12-19T11:58:23Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-3367-69g6-4f4x" - ], - "summary": "Malware in playwright-1.47", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "playwright-1.47" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-3367-69g6-4f4x" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-3367-69g6-4f4x" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "838a2bf47ce546affea44fb08edc2964e2c467300c9028a29fc869db92f92a23", - "import_time": "2024-12-20T00:32:39.371082258Z", - "id": "GHSA-3367-69g6-4f4x", - "modified_time": "2024-12-19T11:58:23Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/playwright-1.47/MAL-2024-11774.json b/osv/malicious/npm/playwright-1.47/MAL-2024-11774.json index 36d24a3f2..75fd36901 100644 --- a/osv/malicious/npm/playwright-1.47/MAL-2024-11774.json +++ b/osv/malicious/npm/playwright-1.47/MAL-2024-11774.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-09T07:23:32Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-09T07:23:32Z", "schema_version": "1.5.0", "id": "MAL-2024-11774", + "aliases": [ + "GHSA-3367-69g6-4f4x" + ], "summary": "Malicious code in playwright-1.47 (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (7e68bf7093e07d3f3cda0f538047e26f2b1a4cc9fbdecb646faa26af5b528b16)\nThe OpenSSF Package Analysis project identified 'playwright-1.47' @ 10.1.8 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (838a2bf47ce546affea44fb08edc2964e2c467300c9028a29fc869db92f92a23)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (7e68bf7093e07d3f3cda0f538047e26f2b1a4cc9fbdecb646faa26af5b528b16)\nThe OpenSSF Package Analysis project identified 'playwright-1.47' @ 10.1.8 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "playwright-1.47" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "10.1.8" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-3367-69g6-4f4x" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "7e68bf7093e07d3f3cda0f538047e26f2b1a4cc9fbdecb646faa26af5b528b16", "import_time": "2024-12-11T00:49:35.731810865Z", "modified_time": "2024-12-09T07:23:32Z", - "sha256": "7e68bf7093e07d3f3cda0f538047e26f2b1a4cc9fbdecb646faa26af5b528b16", - "source": "ossf-package-analysis", "versions": [ "10.1.8" ] + }, + { + "source": "ghsa-malware", + "sha256": "838a2bf47ce546affea44fb08edc2964e2c467300c9028a29fc869db92f92a23", + "import_time": "2024-12-20T00:32:39.371082258Z", + "id": "GHSA-3367-69g6-4f4x", + "modified_time": "2024-12-19T11:58:23Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/playwright-1.48/MAL-0000-ghsa-malware-c425d60dd5426771.json b/osv/malicious/npm/playwright-1.48/MAL-2024-12021.json similarity index 63% rename from osv/malicious/npm/playwright-1.48/MAL-0000-ghsa-malware-c425d60dd5426771.json rename to osv/malicious/npm/playwright-1.48/MAL-2024-12021.json index f7345a290..a7d09620f 100644 --- a/osv/malicious/npm/playwright-1.48/MAL-0000-ghsa-malware-c425d60dd5426771.json +++ b/osv/malicious/npm/playwright-1.48/MAL-2024-12021.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:02:18Z", "published": "2024-12-19T12:02:13Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12021", "aliases": [ "GHSA-xqw4-v3qp-jhf3" ], - "summary": "Malware in playwright-1.48", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in playwright-1.48 (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (c425d60dd5426771b56cc598b6cb55fffa7b0444728b06e2d6126389582b0707)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-xqw4-v3qp-jhf3" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "c425d60dd5426771b56cc598b6cb55fffa7b0444728b06e2d6126389582b0707", - "import_time": "2024-12-20T00:32:39.535220061Z", "id": "GHSA-xqw4-v3qp-jhf3", + "import_time": "2024-12-20T00:32:39.535220061Z", "modified_time": "2024-12-19T12:02:18Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "c425d60dd5426771b56cc598b6cb55fffa7b0444728b06e2d6126389582b0707", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/pnpm-run/MAL-0000-ghsa-malware-d39da4628840938c.json b/osv/malicious/npm/pnpm-run/MAL-2024-12022.json similarity index 63% rename from osv/malicious/npm/pnpm-run/MAL-0000-ghsa-malware-d39da4628840938c.json rename to osv/malicious/npm/pnpm-run/MAL-2024-12022.json index ec15a47c3..a4d0e5978 100644 --- a/osv/malicious/npm/pnpm-run/MAL-0000-ghsa-malware-d39da4628840938c.json +++ b/osv/malicious/npm/pnpm-run/MAL-2024-12022.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:48:27Z", "published": "2024-12-19T12:48:21Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12022", "aliases": [ "GHSA-v7qv-5rc8-wj6f" ], - "summary": "Malware in pnpm-run", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in pnpm-run (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d39da4628840938cc4d6581c772a1f0039a45ec515eb70d692ec5032b15ee087)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-v7qv-5rc8-wj6f" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d39da4628840938cc4d6581c772a1f0039a45ec515eb70d692ec5032b15ee087", - "import_time": "2024-12-20T00:32:39.51101745Z", "id": "GHSA-v7qv-5rc8-wj6f", + "import_time": "2024-12-20T00:32:39.51101745Z", "modified_time": "2024-12-19T12:48:27Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d39da4628840938cc4d6581c772a1f0039a45ec515eb70d692ec5032b15ee087", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/ppw/MAL-0000-ghsa-malware-5f4bbfa2304b6d2a.json b/osv/malicious/npm/ppw/MAL-2024-12023.json similarity index 63% rename from osv/malicious/npm/ppw/MAL-0000-ghsa-malware-5f4bbfa2304b6d2a.json rename to osv/malicious/npm/ppw/MAL-2024-12023.json index a05f4d4f5..71ebc0943 100644 --- a/osv/malicious/npm/ppw/MAL-0000-ghsa-malware-5f4bbfa2304b6d2a.json +++ b/osv/malicious/npm/ppw/MAL-2024-12023.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:50:07Z", "published": "2024-12-19T12:50:06Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12023", "aliases": [ "GHSA-c5fv-96p9-mvw5" ], - "summary": "Malware in ppw", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in ppw (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (5f4bbfa2304b6d2aa4d244a2936bd5938aa3031f3d10bb23eb82631224020e55)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-c5fv-96p9-mvw5" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "5f4bbfa2304b6d2aa4d244a2936bd5938aa3031f3d10bb23eb82631224020e55", - "import_time": "2024-12-20T00:32:39.431237925Z", "id": "GHSA-c5fv-96p9-mvw5", + "import_time": "2024-12-20T00:32:39.431237925Z", "modified_time": "2024-12-19T12:50:07Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "5f4bbfa2304b6d2aa4d244a2936bd5938aa3031f3d10bb23eb82631224020e55", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/prettier-v3-for-testing/MAL-0000-ghsa-malware-522c1e741b8482af.json b/osv/malicious/npm/prettier-v3-for-testing/MAL-0000-ghsa-malware-522c1e741b8482af.json deleted file mode 100644 index afde8e60b..000000000 --- a/osv/malicious/npm/prettier-v3-for-testing/MAL-0000-ghsa-malware-522c1e741b8482af.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T12:52:12Z", - "published": "2024-12-19T12:52:11Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-4qgw-9v53-4vc3" - ], - "summary": "Malware in prettier-v3-for-testing", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "prettier-v3-for-testing" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-4qgw-9v53-4vc3" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-4qgw-9v53-4vc3" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "522c1e741b8482af7e3577e20c83b8e29a0f217b9c951d0e815e5c01af165408", - "import_time": "2024-12-20T00:32:39.385288098Z", - "id": "GHSA-4qgw-9v53-4vc3", - "modified_time": "2024-12-19T12:52:12Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/prettier-v3-for-testing/MAL-2024-11222.json b/osv/malicious/npm/prettier-v3-for-testing/MAL-2024-11222.json index ced440a99..4137ad8c5 100644 --- a/osv/malicious/npm/prettier-v3-for-testing/MAL-2024-11222.json +++ b/osv/malicious/npm/prettier-v3-for-testing/MAL-2024-11222.json @@ -1,20 +1,48 @@ { - "modified": "2024-12-09T19:05:36Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-06T19:45:58Z", "schema_version": "1.5.0", "id": "MAL-2024-11222", + "aliases": [ + "GHSA-4qgw-9v53-4vc3" + ], "summary": "Malicious code in prettier-v3-for-testing (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (6dbf2ddb32a28033cf9af1d1cb7e78cc59658938ac830958bfe54815692f3143)\nThe OpenSSF Package Analysis project identified 'prettier-v3-for-testing' @ 9.9.11 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (522c1e741b8482af7e3577e20c83b8e29a0f217b9c951d0e815e5c01af165408)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (6dbf2ddb32a28033cf9af1d1cb7e78cc59658938ac830958bfe54815692f3143)\nThe OpenSSF Package Analysis project identified 'prettier-v3-for-testing' @ 9.9.11 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "prettier-v3-for-testing" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "9.9.11", "9.9.13" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-4qgw-9v53-4vc3" } ], "credits": [ @@ -46,6 +74,23 @@ "versions": [ "9.9.13" ] + }, + { + "source": "ghsa-malware", + "sha256": "522c1e741b8482af7e3577e20c83b8e29a0f217b9c951d0e815e5c01af165408", + "import_time": "2024-12-20T00:32:39.385288098Z", + "id": "GHSA-4qgw-9v53-4vc3", + "modified_time": "2024-12-19T12:52:12Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/private-bug-bounty-secret/MAL-0000-ghsa-malware-f3a55444761df525.json b/osv/malicious/npm/private-bug-bounty-secret/MAL-2024-12025.json similarity index 63% rename from osv/malicious/npm/private-bug-bounty-secret/MAL-0000-ghsa-malware-f3a55444761df525.json rename to osv/malicious/npm/private-bug-bounty-secret/MAL-2024-12025.json index 89c8172f9..e5ae8e7b6 100644 --- a/osv/malicious/npm/private-bug-bounty-secret/MAL-0000-ghsa-malware-f3a55444761df525.json +++ b/osv/malicious/npm/private-bug-bounty-secret/MAL-2024-12025.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:53:12Z", "published": "2024-12-19T12:53:07Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12025", "aliases": [ "GHSA-94qf-79vv-x582" ], - "summary": "Malware in private-bug-bounty-secret", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in private-bug-bounty-secret (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (f3a55444761df525e7428c98e6dd9a390a1cf5cfea4a7485f768da73a2067df6)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-94qf-79vv-x582" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "f3a55444761df525e7428c98e6dd9a390a1cf5cfea4a7485f768da73a2067df6", - "import_time": "2024-12-20T00:32:39.421593028Z", "id": "GHSA-94qf-79vv-x582", + "import_time": "2024-12-20T00:32:39.421593028Z", "modified_time": "2024-12-19T12:53:12Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "f3a55444761df525e7428c98e6dd9a390a1cf5cfea4a7485f768da73a2067df6", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/private-bug-bounty/MAL-0000-ghsa-malware-a00733ed27d2b66f.json b/osv/malicious/npm/private-bug-bounty/MAL-2024-12024.json similarity index 63% rename from osv/malicious/npm/private-bug-bounty/MAL-0000-ghsa-malware-a00733ed27d2b66f.json rename to osv/malicious/npm/private-bug-bounty/MAL-2024-12024.json index 211ea0ac8..bf32c3359 100644 --- a/osv/malicious/npm/private-bug-bounty/MAL-0000-ghsa-malware-a00733ed27d2b66f.json +++ b/osv/malicious/npm/private-bug-bounty/MAL-2024-12024.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:53:07Z", "published": "2024-12-19T12:53:07Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12024", "aliases": [ "GHSA-73gw-862p-2q48" ], - "summary": "Malware in private-bug-bounty", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in private-bug-bounty (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (a00733ed27d2b66f512559495dc079196948c176ea93c337042bed009427afc4)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-73gw-862p-2q48" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "a00733ed27d2b66f512559495dc079196948c176ea93c337042bed009427afc4", - "import_time": "2024-12-20T00:32:39.403095721Z", "id": "GHSA-73gw-862p-2q48", + "import_time": "2024-12-20T00:32:39.403095721Z", "modified_time": "2024-12-19T12:53:07Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "a00733ed27d2b66f512559495dc079196948c176ea93c337042bed009427afc4", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/pushservicejs/MAL-0000-ghsa-malware-8875b705a6e05566.json b/osv/malicious/npm/pushservicejs/MAL-2024-12026.json similarity index 63% rename from osv/malicious/npm/pushservicejs/MAL-0000-ghsa-malware-8875b705a6e05566.json rename to osv/malicious/npm/pushservicejs/MAL-2024-12026.json index 7854c1e04..0cb51ce24 100644 --- a/osv/malicious/npm/pushservicejs/MAL-0000-ghsa-malware-8875b705a6e05566.json +++ b/osv/malicious/npm/pushservicejs/MAL-2024-12026.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T12:55:32Z", "published": "2024-12-19T12:55:27Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12026", "aliases": [ "GHSA-2xcp-xqx2-vm86" ], - "summary": "Malware in pushservicejs", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in pushservicejs (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (8875b705a6e055665ad1912b3f5aeca6578af2778e4b541e7061ae20d6ecbd01)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-2xcp-xqx2-vm86" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "8875b705a6e055665ad1912b3f5aeca6578af2778e4b541e7061ae20d6ecbd01", - "import_time": "2024-12-20T00:32:39.368426757Z", "id": "GHSA-2xcp-xqx2-vm86", + "import_time": "2024-12-20T00:32:39.368426757Z", "modified_time": "2024-12-19T12:55:32Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "8875b705a6e055665ad1912b3f5aeca6578af2778e4b541e7061ae20d6ecbd01", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/pzh/MAL-0000-ghsa-malware-004f5cb74f23f56b.json b/osv/malicious/npm/pzh/MAL-2024-12027.json similarity index 63% rename from osv/malicious/npm/pzh/MAL-0000-ghsa-malware-004f5cb74f23f56b.json rename to osv/malicious/npm/pzh/MAL-2024-12027.json index bcac9d1d5..106e54898 100644 --- a/osv/malicious/npm/pzh/MAL-0000-ghsa-malware-004f5cb74f23f56b.json +++ b/osv/malicious/npm/pzh/MAL-2024-12027.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:52:28Z", "published": "2024-12-19T09:52:28Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12027", "aliases": [ "GHSA-qqrg-6qrr-jrgq" ], - "summary": "Malware in pzh", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in pzh (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (004f5cb74f23f56bc002de95c9577243f64b2b9e66486ed8054b890039377d87)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-qqrg-6qrr-jrgq" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "004f5cb74f23f56bc002de95c9577243f64b2b9e66486ed8054b890039377d87", - "import_time": "2024-12-20T00:32:39.499109403Z", "id": "GHSA-qqrg-6qrr-jrgq", + "import_time": "2024-12-20T00:32:39.499109403Z", "modified_time": "2024-12-19T09:52:28Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "004f5cb74f23f56bc002de95c9577243f64b2b9e66486ed8054b890039377d87", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/qt-construct/MAL-0000-ghsa-malware-b4e83ab35f49c26d.json b/osv/malicious/npm/qt-construct/MAL-0000-ghsa-malware-b4e83ab35f49c26d.json deleted file mode 100644 index b52f8cfc9..000000000 --- a/osv/malicious/npm/qt-construct/MAL-0000-ghsa-malware-b4e83ab35f49c26d.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:19:35Z", - "published": "2024-12-19T11:19:34Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-8f28-vwjc-jq3g" - ], - "summary": "Malware in qt-construct", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "qt-construct" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-8f28-vwjc-jq3g" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-8f28-vwjc-jq3g" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "b4e83ab35f49c26dc7986fc0d8853ff836b168fef5f28c1fd662cf8afb400fc4", - "import_time": "2024-12-20T00:32:39.413683899Z", - "id": "GHSA-8f28-vwjc-jq3g", - "modified_time": "2024-12-19T11:19:35Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/qt-construct/MAL-2024-11170.json b/osv/malicious/npm/qt-construct/MAL-2024-11170.json index cce2312ec..c0a9e6d3c 100644 --- a/osv/malicious/npm/qt-construct/MAL-2024-11170.json +++ b/osv/malicious/npm/qt-construct/MAL-2024-11170.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T14:54:58Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-01T14:54:58Z", "schema_version": "1.5.0", "id": "MAL-2024-11170", + "aliases": [ + "GHSA-8f28-vwjc-jq3g" + ], "summary": "Malicious code in qt-construct (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (f59641806b488310b42b664fd469ed1bbc255b3dc2d1560cff5d1596d2020b88)\nThe OpenSSF Package Analysis project identified 'qt-construct' @ 7.4.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (b4e83ab35f49c26dc7986fc0d8853ff836b168fef5f28c1fd662cf8afb400fc4)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (f59641806b488310b42b664fd469ed1bbc255b3dc2d1560cff5d1596d2020b88)\nThe OpenSSF Package Analysis project identified 'qt-construct' @ 7.4.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "qt-construct" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "7.4.9" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-8f28-vwjc-jq3g" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "f59641806b488310b42b664fd469ed1bbc255b3dc2d1560cff5d1596d2020b88", "import_time": "2024-12-02T11:05:09.489470743Z", "modified_time": "2024-12-01T14:54:58Z", - "sha256": "f59641806b488310b42b664fd469ed1bbc255b3dc2d1560cff5d1596d2020b88", - "source": "ossf-package-analysis", "versions": [ "7.4.9" ] + }, + { + "source": "ghsa-malware", + "sha256": "b4e83ab35f49c26dc7986fc0d8853ff836b168fef5f28c1fd662cf8afb400fc4", + "import_time": "2024-12-20T00:32:39.413683899Z", + "id": "GHSA-8f28-vwjc-jq3g", + "modified_time": "2024-12-19T11:19:35Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/quintoandar-jwt/MAL-0000-ghsa-malware-36d0f52e6a3bbd3f.json b/osv/malicious/npm/quintoandar-jwt/MAL-0000-ghsa-malware-36d0f52e6a3bbd3f.json deleted file mode 100644 index 5fefb5876..000000000 --- a/osv/malicious/npm/quintoandar-jwt/MAL-0000-ghsa-malware-36d0f52e6a3bbd3f.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:03:48Z", - "published": "2024-12-19T11:03:48Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-9qqc-mc7m-94fr" - ], - "summary": "Malware in quintoandar-jwt", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "quintoandar-jwt" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-9qqc-mc7m-94fr" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-9qqc-mc7m-94fr" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "36d0f52e6a3bbd3fdbc84b19ad4b18ff69ea20aa7dbb1fd508917d33072259ee", - "import_time": "2024-12-20T00:32:39.429769843Z", - "id": "GHSA-9qqc-mc7m-94fr", - "modified_time": "2024-12-19T11:03:48Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/quintoandar-jwt/MAL-2024-11200.json b/osv/malicious/npm/quintoandar-jwt/MAL-2024-11200.json index 9e6db2dda..aa18b4c94 100644 --- a/osv/malicious/npm/quintoandar-jwt/MAL-2024-11200.json +++ b/osv/malicious/npm/quintoandar-jwt/MAL-2024-11200.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-05T00:55:28Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-05T00:55:28Z", "schema_version": "1.5.0", "id": "MAL-2024-11200", + "aliases": [ + "GHSA-9qqc-mc7m-94fr" + ], "summary": "Malicious code in quintoandar-jwt (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (31e288d81228e20d4b57789fe6d4fa0ff92aad17b56560a42ffaf772fee51575)\nThe OpenSSF Package Analysis project identified 'quintoandar-jwt' @ 9.9.99 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (36d0f52e6a3bbd3fdbc84b19ad4b18ff69ea20aa7dbb1fd508917d33072259ee)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (31e288d81228e20d4b57789fe6d4fa0ff92aad17b56560a42ffaf772fee51575)\nThe OpenSSF Package Analysis project identified 'quintoandar-jwt' @ 9.9.99 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "quintoandar-jwt" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "9.9.99" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-9qqc-mc7m-94fr" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "31e288d81228e20d4b57789fe6d4fa0ff92aad17b56560a42ffaf772fee51575", "import_time": "2024-12-05T01:33:28.163772099Z", "modified_time": "2024-12-05T00:55:28Z", - "sha256": "31e288d81228e20d4b57789fe6d4fa0ff92aad17b56560a42ffaf772fee51575", - "source": "ossf-package-analysis", "versions": [ "9.9.99" ] + }, + { + "source": "ghsa-malware", + "sha256": "36d0f52e6a3bbd3fdbc84b19ad4b18ff69ea20aa7dbb1fd508917d33072259ee", + "import_time": "2024-12-20T00:32:39.429769843Z", + "id": "GHSA-9qqc-mc7m-94fr", + "modified_time": "2024-12-19T11:03:48Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/quintoandar-logger/MAL-0000-ghsa-malware-f4af1eeb8b81ed93.json b/osv/malicious/npm/quintoandar-logger/MAL-2024-12028.json similarity index 63% rename from osv/malicious/npm/quintoandar-logger/MAL-0000-ghsa-malware-f4af1eeb8b81ed93.json rename to osv/malicious/npm/quintoandar-logger/MAL-2024-12028.json index bbe460ef3..dfefe3959 100644 --- a/osv/malicious/npm/quintoandar-logger/MAL-0000-ghsa-malware-f4af1eeb8b81ed93.json +++ b/osv/malicious/npm/quintoandar-logger/MAL-2024-12028.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:03:49Z", "published": "2024-12-19T11:03:48Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12028", "aliases": [ "GHSA-v545-5gxj-84x4" ], - "summary": "Malware in quintoandar-logger", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in quintoandar-logger (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (f4af1eeb8b81ed935d92039b3a23f267d60ba38766214fd0254d9530a3c9b08e)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-v545-5gxj-84x4" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "f4af1eeb8b81ed935d92039b3a23f267d60ba38766214fd0254d9530a3c9b08e", - "import_time": "2024-12-20T00:32:39.510190772Z", "id": "GHSA-v545-5gxj-84x4", + "import_time": "2024-12-20T00:32:39.510190772Z", "modified_time": "2024-12-19T11:03:49Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "f4af1eeb8b81ed935d92039b3a23f267d60ba38766214fd0254d9530a3c9b08e", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/rafarafa_package/MAL-0000-ghsa-malware-fef5839fff290714.json b/osv/malicious/npm/rafarafa_package/MAL-2024-12029.json similarity index 63% rename from osv/malicious/npm/rafarafa_package/MAL-0000-ghsa-malware-fef5839fff290714.json rename to osv/malicious/npm/rafarafa_package/MAL-2024-12029.json index 499254b43..ffade2682 100644 --- a/osv/malicious/npm/rafarafa_package/MAL-0000-ghsa-malware-fef5839fff290714.json +++ b/osv/malicious/npm/rafarafa_package/MAL-2024-12029.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:00:53Z", "published": "2024-12-19T13:00:52Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12029", "aliases": [ "GHSA-vg25-6g68-8vp3" ], - "summary": "Malware in rafarafa_package", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in rafarafa_package (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (fef5839fff290714b9670f7234be53a1ba5805118f3ff573e3e7340496a8c133)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-vg25-6g68-8vp3" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "fef5839fff290714b9670f7234be53a1ba5805118f3ff573e3e7340496a8c133", - "import_time": "2024-12-20T00:32:39.512896587Z", "id": "GHSA-vg25-6g68-8vp3", + "import_time": "2024-12-20T00:32:39.512896587Z", "modified_time": "2024-12-19T13:00:53Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "fef5839fff290714b9670f7234be53a1ba5805118f3ff573e3e7340496a8c133", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/raptor-library/MAL-0000-ghsa-malware-585ea8fb4bbab201.json b/osv/malicious/npm/raptor-library/MAL-0000-ghsa-malware-585ea8fb4bbab201.json deleted file mode 100644 index ec63ce70b..000000000 --- a/osv/malicious/npm/raptor-library/MAL-0000-ghsa-malware-585ea8fb4bbab201.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T13:01:47Z", - "published": "2024-12-19T13:01:43Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-67mc-jvh7-q64w" - ], - "summary": "Malware in raptor-library", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "raptor-library" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-67mc-jvh7-q64w" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-67mc-jvh7-q64w" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "585ea8fb4bbab2014a88a88807c9c5150eaf104c34a0d3158c0b7ed114aba2c3", - "import_time": "2024-12-20T00:32:39.398829435Z", - "id": "GHSA-67mc-jvh7-q64w", - "modified_time": "2024-12-19T13:01:47Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/raptor-library/MAL-2024-11791.json b/osv/malicious/npm/raptor-library/MAL-2024-11791.json index f2fda0d28..cf8b93eaf 100644 --- a/osv/malicious/npm/raptor-library/MAL-2024-11791.json +++ b/osv/malicious/npm/raptor-library/MAL-2024-11791.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-12T13:16:03Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-12T13:16:03Z", "schema_version": "1.5.0", "id": "MAL-2024-11791", + "aliases": [ + "GHSA-67mc-jvh7-q64w" + ], "summary": "Malicious code in raptor-library (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (225857bab7c7118f473c17444f000558a0e12a16e4809b3ca87f493c0cd8c178)\nThe OpenSSF Package Analysis project identified 'raptor-library' @ 100.0.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (585ea8fb4bbab2014a88a88807c9c5150eaf104c34a0d3158c0b7ed114aba2c3)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (225857bab7c7118f473c17444f000558a0e12a16e4809b3ca87f493c0cd8c178)\nThe OpenSSF Package Analysis project identified 'raptor-library' @ 100.0.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "raptor-library" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "100.0.6" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-67mc-jvh7-q64w" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "225857bab7c7118f473c17444f000558a0e12a16e4809b3ca87f493c0cd8c178", "import_time": "2024-12-12T13:39:01.823989629Z", "modified_time": "2024-12-12T13:16:03Z", - "sha256": "225857bab7c7118f473c17444f000558a0e12a16e4809b3ca87f493c0cd8c178", - "source": "ossf-package-analysis", "versions": [ "100.0.6" ] + }, + { + "source": "ghsa-malware", + "sha256": "585ea8fb4bbab2014a88a88807c9c5150eaf104c34a0d3158c0b7ed114aba2c3", + "import_time": "2024-12-20T00:32:39.398829435Z", + "id": "GHSA-67mc-jvh7-q64w", + "modified_time": "2024-12-19T13:01:47Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/rc-network/MAL-0000-ghsa-malware-92fa4153701892bb.json b/osv/malicious/npm/rc-network/MAL-0000-ghsa-malware-92fa4153701892bb.json deleted file mode 100644 index 045531689..000000000 --- a/osv/malicious/npm/rc-network/MAL-0000-ghsa-malware-92fa4153701892bb.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T13:03:13Z", - "published": "2024-12-19T13:03:13Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-rg62-xcvp-mfv9" - ], - "summary": "Malware in rc-network", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "rc-network" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-rg62-xcvp-mfv9" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-rg62-xcvp-mfv9" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "92fa4153701892bbacd5a9c984d56b98fb7dde59df2dc84760fe47af95bad5fd", - "import_time": "2024-12-20T00:32:39.506416449Z", - "id": "GHSA-rg62-xcvp-mfv9", - "modified_time": "2024-12-19T13:03:13Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/rc-network/MAL-2024-10900.json b/osv/malicious/npm/rc-network/MAL-2024-10900.json index a693d3d8b..d607da5ca 100644 --- a/osv/malicious/npm/rc-network/MAL-2024-10900.json +++ b/osv/malicious/npm/rc-network/MAL-2024-10900.json @@ -1,21 +1,49 @@ { - "modified": "2024-11-27T05:06:23Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-11-25T18:20:45Z", "schema_version": "1.5.0", "id": "MAL-2024-10900", + "aliases": [ + "GHSA-rg62-xcvp-mfv9" + ], "summary": "Malicious code in rc-network (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (7eec0a00c88f1bb9cf780b9b92a2bead57974a8ea7b1592f6ea83dd3d2dbaec0)\nThe OpenSSF Package Analysis project identified 'rc-network' @ 1.0.24 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (92fa4153701892bbacd5a9c984d56b98fb7dde59df2dc84760fe47af95bad5fd)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (7eec0a00c88f1bb9cf780b9b92a2bead57974a8ea7b1592f6ea83dd3d2dbaec0)\nThe OpenSSF Package Analysis project identified 'rc-network' @ 1.0.24 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "rc-network" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "2.0.0", "1.0.24", "2.0.5" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rg62-xcvp-mfv9" } ], "credits": [ @@ -56,6 +84,23 @@ "versions": [ "2.0.5" ] + }, + { + "source": "ghsa-malware", + "sha256": "92fa4153701892bbacd5a9c984d56b98fb7dde59df2dc84760fe47af95bad5fd", + "import_time": "2024-12-20T00:32:39.506416449Z", + "id": "GHSA-rg62-xcvp-mfv9", + "modified_time": "2024-12-19T13:03:13Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/rdjjfjooirpp.js/MAL-0000-ghsa-malware-0def3cb04d3fb8c6.json b/osv/malicious/npm/rdjjfjooirpp.js/MAL-2024-12030.json similarity index 63% rename from osv/malicious/npm/rdjjfjooirpp.js/MAL-0000-ghsa-malware-0def3cb04d3fb8c6.json rename to osv/malicious/npm/rdjjfjooirpp.js/MAL-2024-12030.json index 322e929b0..bf6a4c516 100644 --- a/osv/malicious/npm/rdjjfjooirpp.js/MAL-0000-ghsa-malware-0def3cb04d3fb8c6.json +++ b/osv/malicious/npm/rdjjfjooirpp.js/MAL-2024-12030.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:04:43Z", "published": "2024-12-19T13:04:42Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12030", "aliases": [ "GHSA-37m6-f5mq-6wp2" ], - "summary": "Malware in rdjjfjooirpp.js", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in rdjjfjooirpp.js (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (0def3cb04d3fb8c638daf6a97a708bd6b95632da63635563110d5827170cfff5)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-37m6-f5mq-6wp2" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "0def3cb04d3fb8c638daf6a97a708bd6b95632da63635563110d5827170cfff5", - "import_time": "2024-12-20T00:32:39.372700028Z", "id": "GHSA-37m6-f5mq-6wp2", + "import_time": "2024-12-20T00:32:39.372700028Z", "modified_time": "2024-12-19T13:04:43Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "0def3cb04d3fb8c638daf6a97a708bd6b95632da63635563110d5827170cfff5", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/react-multer/MAL-0000-ghsa-malware-876139b096ddb1bf.json b/osv/malicious/npm/react-multer/MAL-2024-12031.json similarity index 63% rename from osv/malicious/npm/react-multer/MAL-0000-ghsa-malware-876139b096ddb1bf.json rename to osv/malicious/npm/react-multer/MAL-2024-12031.json index 51f5e72a8..bad777d0c 100644 --- a/osv/malicious/npm/react-multer/MAL-0000-ghsa-malware-876139b096ddb1bf.json +++ b/osv/malicious/npm/react-multer/MAL-2024-12031.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:08:18Z", "published": "2024-12-19T13:08:18Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12031", "aliases": [ "GHSA-353r-526v-p68c" ], - "summary": "Malware in react-multer", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in react-multer (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (876139b096ddb1bf239489a666a6248e65ba5512906c207b40104c7efe2f1616)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-353r-526v-p68c" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "876139b096ddb1bf239489a666a6248e65ba5512906c207b40104c7efe2f1616", - "import_time": "2024-12-20T00:32:39.371751434Z", "id": "GHSA-353r-526v-p68c", + "import_time": "2024-12-20T00:32:39.371751434Z", "modified_time": "2024-12-19T13:08:18Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "876139b096ddb1bf239489a666a6248e65ba5512906c207b40104c7efe2f1616", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/react-pillbox/MAL-0000-ghsa-malware-ab745e5454a4aede.json b/osv/malicious/npm/react-pillbox/MAL-0000-ghsa-malware-ab745e5454a4aede.json deleted file mode 100644 index 138e6a057..000000000 --- a/osv/malicious/npm/react-pillbox/MAL-0000-ghsa-malware-ab745e5454a4aede.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:12:45Z", - "published": "2024-12-19T11:12:44Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-cm5j-qp99-8wwp" - ], - "summary": "Malware in react-pillbox", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "react-pillbox" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-cm5j-qp99-8wwp" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-cm5j-qp99-8wwp" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "ab745e5454a4aede527ec57bebcb7edd1700ad72e195f290ccf92b03eb3df0e4", - "import_time": "2024-12-20T00:32:39.435488474Z", - "id": "GHSA-cm5j-qp99-8wwp", - "modified_time": "2024-12-19T11:12:45Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/react-pillbox/MAL-2024-11231.json b/osv/malicious/npm/react-pillbox/MAL-2024-11231.json index c649d2d0c..f69e535df 100644 --- a/osv/malicious/npm/react-pillbox/MAL-2024-11231.json +++ b/osv/malicious/npm/react-pillbox/MAL-2024-11231.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-07T15:45:42Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-07T15:45:42Z", "schema_version": "1.5.0", "id": "MAL-2024-11231", + "aliases": [ + "GHSA-cm5j-qp99-8wwp" + ], "summary": "Malicious code in react-pillbox (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (7a559ac21015bfbce50dd60842f5398d23b28c7b6f8d3739914279d28f64a1ca)\nThe OpenSSF Package Analysis project identified 'react-pillbox' @ 100.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (ab745e5454a4aede527ec57bebcb7edd1700ad72e195f290ccf92b03eb3df0e4)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (7a559ac21015bfbce50dd60842f5398d23b28c7b6f8d3739914279d28f64a1ca)\nThe OpenSSF Package Analysis project identified 'react-pillbox' @ 100.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "react-pillbox" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "100.0.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-cm5j-qp99-8wwp" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "7a559ac21015bfbce50dd60842f5398d23b28c7b6f8d3739914279d28f64a1ca", "import_time": "2024-12-07T16:05:34.331000194Z", "modified_time": "2024-12-07T15:45:42Z", - "sha256": "7a559ac21015bfbce50dd60842f5398d23b28c7b6f8d3739914279d28f64a1ca", - "source": "ossf-package-analysis", "versions": [ "100.0.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "ab745e5454a4aede527ec57bebcb7edd1700ad72e195f290ccf92b03eb3df0e4", + "import_time": "2024-12-20T00:32:39.435488474Z", + "id": "GHSA-cm5j-qp99-8wwp", + "modified_time": "2024-12-19T11:12:45Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/readium-css/MAL-0000-ghsa-malware-e052a1c3b7fcfedb.json b/osv/malicious/npm/readium-css/MAL-0000-ghsa-malware-e052a1c3b7fcfedb.json deleted file mode 100644 index ca336303d..000000000 --- a/osv/malicious/npm/readium-css/MAL-0000-ghsa-malware-e052a1c3b7fcfedb.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:21:55Z", - "published": "2024-12-19T11:21:55Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-wh3q-fc6q-65hm" - ], - "summary": "Malware in readium-css", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "readium-css" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-wh3q-fc6q-65hm" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-wh3q-fc6q-65hm" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "e052a1c3b7fcfedb0cee689603d30bf043df8eebeff0146be74a4b0e218d62a0", - "import_time": "2024-12-20T00:32:39.523569809Z", - "id": "GHSA-wh3q-fc6q-65hm", - "modified_time": "2024-12-19T11:21:55Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/readium-css/MAL-2024-11171.json b/osv/malicious/npm/readium-css/MAL-2024-11171.json index b4320cad7..90fda852c 100644 --- a/osv/malicious/npm/readium-css/MAL-2024-11171.json +++ b/osv/malicious/npm/readium-css/MAL-2024-11171.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T15:13:31Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-01T15:13:31Z", "schema_version": "1.5.0", "id": "MAL-2024-11171", + "aliases": [ + "GHSA-wh3q-fc6q-65hm" + ], "summary": "Malicious code in readium-css (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (ee1911793f908d81dc7257abe6b1e0a7d3030bce7d57229f723e62285f5f4d66)\nThe OpenSSF Package Analysis project identified 'readium-css' @ 10.5.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (e052a1c3b7fcfedb0cee689603d30bf043df8eebeff0146be74a4b0e218d62a0)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (ee1911793f908d81dc7257abe6b1e0a7d3030bce7d57229f723e62285f5f4d66)\nThe OpenSSF Package Analysis project identified 'readium-css' @ 10.5.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "readium-css" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "10.5.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wh3q-fc6q-65hm" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "ee1911793f908d81dc7257abe6b1e0a7d3030bce7d57229f723e62285f5f4d66", "import_time": "2024-12-02T11:05:09.596677757Z", "modified_time": "2024-12-01T15:13:31Z", - "sha256": "ee1911793f908d81dc7257abe6b1e0a7d3030bce7d57229f723e62285f5f4d66", - "source": "ossf-package-analysis", "versions": [ "10.5.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "e052a1c3b7fcfedb0cee689603d30bf043df8eebeff0146be74a4b0e218d62a0", + "import_time": "2024-12-20T00:32:39.523569809Z", + "id": "GHSA-wh3q-fc6q-65hm", + "modified_time": "2024-12-19T11:21:55Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/reftest-helper-for-ae1x/MAL-0000-ghsa-malware-4986452b8d061de2.json b/osv/malicious/npm/reftest-helper-for-ae1x/MAL-2024-12033.json similarity index 63% rename from osv/malicious/npm/reftest-helper-for-ae1x/MAL-0000-ghsa-malware-4986452b8d061de2.json rename to osv/malicious/npm/reftest-helper-for-ae1x/MAL-2024-12033.json index 9b0852d96..56b380951 100644 --- a/osv/malicious/npm/reftest-helper-for-ae1x/MAL-0000-ghsa-malware-4986452b8d061de2.json +++ b/osv/malicious/npm/reftest-helper-for-ae1x/MAL-2024-12033.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:31:16Z", "published": "2024-12-19T11:31:10Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12033", "aliases": [ "GHSA-p7j5-fr86-qhpr" ], - "summary": "Malware in reftest-helper-for-ae1x", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in reftest-helper-for-ae1x (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (4986452b8d061de29b89d8be274994d511793fec0bc761b833f96dd3ce7563c0)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-p7j5-fr86-qhpr" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "4986452b8d061de29b89d8be274994d511793fec0bc761b833f96dd3ce7563c0", - "import_time": "2024-12-20T00:32:39.486021002Z", "id": "GHSA-p7j5-fr86-qhpr", + "import_time": "2024-12-20T00:32:39.486021002Z", "modified_time": "2024-12-19T11:31:16Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "4986452b8d061de29b89d8be274994d511793fec0bc761b833f96dd3ce7563c0", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/reftest-helper/MAL-0000-ghsa-malware-3d8ab9939c0e96ed.json b/osv/malicious/npm/reftest-helper/MAL-2024-12032.json similarity index 63% rename from osv/malicious/npm/reftest-helper/MAL-0000-ghsa-malware-3d8ab9939c0e96ed.json rename to osv/malicious/npm/reftest-helper/MAL-2024-12032.json index 2d7e176a4..3fc134a76 100644 --- a/osv/malicious/npm/reftest-helper/MAL-0000-ghsa-malware-3d8ab9939c0e96ed.json +++ b/osv/malicious/npm/reftest-helper/MAL-2024-12032.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:24:20Z", "published": "2024-12-19T11:24:20Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12032", "aliases": [ "GHSA-cmh3-hh65-wjpw" ], - "summary": "Malware in reftest-helper", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in reftest-helper (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (3d8ab9939c0e96ed9afc95b255b779da36399009af3d7c7a43cab08a65ab9112)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-cmh3-hh65-wjpw" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "3d8ab9939c0e96ed9afc95b255b779da36399009af3d7c7a43cab08a65ab9112", - "import_time": "2024-12-20T00:32:39.43641667Z", "id": "GHSA-cmh3-hh65-wjpw", + "import_time": "2024-12-20T00:32:39.43641667Z", "modified_time": "2024-12-19T11:24:20Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "3d8ab9939c0e96ed9afc95b255b779da36399009af3d7c7a43cab08a65ab9112", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/ripple-blobvault/MAL-0000-ghsa-malware-11bb338f9818afd2.json b/osv/malicious/npm/ripple-blobvault/MAL-0000-ghsa-malware-11bb338f9818afd2.json deleted file mode 100644 index 3423fe1e4..000000000 --- a/osv/malicious/npm/ripple-blobvault/MAL-0000-ghsa-malware-11bb338f9818afd2.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:03:58Z", - "published": "2024-12-19T11:03:48Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-wxjj-7x76-4c2p" - ], - "summary": "Malware in ripple-blobvault", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "ripple-blobvault" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-wxjj-7x76-4c2p" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-wxjj-7x76-4c2p" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "11bb338f9818afd2b62bcfae1974c0ab6000b8f99f0c2815b33790a14c6beef3", - "import_time": "2024-12-20T00:32:39.526993637Z", - "id": "GHSA-wxjj-7x76-4c2p", - "modified_time": "2024-12-19T11:03:58Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/ripple-blobvault/MAL-2024-11220.json b/osv/malicious/npm/ripple-blobvault/MAL-2024-11220.json index 2c443d8d8..e64faf074 100644 --- a/osv/malicious/npm/ripple-blobvault/MAL-2024-11220.json +++ b/osv/malicious/npm/ripple-blobvault/MAL-2024-11220.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-06T15:05:46Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-06T15:05:46Z", "schema_version": "1.5.0", "id": "MAL-2024-11220", + "aliases": [ + "GHSA-wxjj-7x76-4c2p" + ], "summary": "Malicious code in ripple-blobvault (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (e0e8b1110239d10adfe04353b8c1f83c1a823064d2a2aec72d738bc9fc1cdaa9)\nThe OpenSSF Package Analysis project identified 'ripple-blobvault' @ 9.9.99 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (11bb338f9818afd2b62bcfae1974c0ab6000b8f99f0c2815b33790a14c6beef3)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (e0e8b1110239d10adfe04353b8c1f83c1a823064d2a2aec72d738bc9fc1cdaa9)\nThe OpenSSF Package Analysis project identified 'ripple-blobvault' @ 9.9.99 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "ripple-blobvault" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "9.9.99" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wxjj-7x76-4c2p" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "e0e8b1110239d10adfe04353b8c1f83c1a823064d2a2aec72d738bc9fc1cdaa9", "import_time": "2024-12-06T15:36:23.288112067Z", "modified_time": "2024-12-06T15:05:46Z", - "sha256": "e0e8b1110239d10adfe04353b8c1f83c1a823064d2a2aec72d738bc9fc1cdaa9", - "source": "ossf-package-analysis", "versions": [ "9.9.99" ] + }, + { + "source": "ghsa-malware", + "sha256": "11bb338f9818afd2b62bcfae1974c0ab6000b8f99f0c2815b33790a14c6beef3", + "import_time": "2024-12-20T00:32:39.526993637Z", + "id": "GHSA-wxjj-7x76-4c2p", + "modified_time": "2024-12-19T11:03:58Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/rodas/MAL-0000-ghsa-malware-6a32a859b94890e0.json b/osv/malicious/npm/rodas/MAL-2024-12034.json similarity index 63% rename from osv/malicious/npm/rodas/MAL-0000-ghsa-malware-6a32a859b94890e0.json rename to osv/malicious/npm/rodas/MAL-2024-12034.json index 831c71562..569e9e9e5 100644 --- a/osv/malicious/npm/rodas/MAL-0000-ghsa-malware-6a32a859b94890e0.json +++ b/osv/malicious/npm/rodas/MAL-2024-12034.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:10:59Z", "published": "2024-12-19T13:10:58Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12034", "aliases": [ "GHSA-qgqj-q5rh-v7g4" ], - "summary": "Malware in rodas", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in rodas (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (6a32a859b94890e0e9f98e44e7e1371a0e22a191cb0a8324611736b601262baa)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-qgqj-q5rh-v7g4" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "6a32a859b94890e0e9f98e44e7e1371a0e22a191cb0a8324611736b601262baa", - "import_time": "2024-12-20T00:32:39.49725083Z", "id": "GHSA-qgqj-q5rh-v7g4", + "import_time": "2024-12-20T00:32:39.49725083Z", "modified_time": "2024-12-19T13:10:59Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "6a32a859b94890e0e9f98e44e7e1371a0e22a191cb0a8324611736b601262baa", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/scalavex/MAL-0000-ghsa-malware-f2c3e20b9de8d5df.json b/osv/malicious/npm/scalavex/MAL-2024-12035.json similarity index 63% rename from osv/malicious/npm/scalavex/MAL-0000-ghsa-malware-f2c3e20b9de8d5df.json rename to osv/malicious/npm/scalavex/MAL-2024-12035.json index 4cd8a79ae..df17b6c82 100644 --- a/osv/malicious/npm/scalavex/MAL-0000-ghsa-malware-f2c3e20b9de8d5df.json +++ b/osv/malicious/npm/scalavex/MAL-2024-12035.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:12:18Z", "published": "2024-12-19T13:12:13Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12035", "aliases": [ "GHSA-q9jc-qrx8-27cv" ], - "summary": "Malware in scalavex", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in scalavex (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (f2c3e20b9de8d5df626f2290f08c5a19243ce682e61ef5b05fc6796febf73e30)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-q9jc-qrx8-27cv" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "f2c3e20b9de8d5df626f2290f08c5a19243ce682e61ef5b05fc6796febf73e30", - "import_time": "2024-12-20T00:32:39.495549354Z", "id": "GHSA-q9jc-qrx8-27cv", + "import_time": "2024-12-20T00:32:39.495549354Z", "modified_time": "2024-12-19T13:12:18Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "f2c3e20b9de8d5df626f2290f08c5a19243ce682e61ef5b05fc6796febf73e30", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/secret-scanning-custom-notifications/MAL-0000-ghsa-malware-327294aa7aee3dce.json b/osv/malicious/npm/secret-scanning-custom-notifications/MAL-2024-12036.json similarity index 62% rename from osv/malicious/npm/secret-scanning-custom-notifications/MAL-0000-ghsa-malware-327294aa7aee3dce.json rename to osv/malicious/npm/secret-scanning-custom-notifications/MAL-2024-12036.json index b95abb041..03dbe62e6 100644 --- a/osv/malicious/npm/secret-scanning-custom-notifications/MAL-0000-ghsa-malware-327294aa7aee3dce.json +++ b/osv/malicious/npm/secret-scanning-custom-notifications/MAL-2024-12036.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:02:23Z", "published": "2024-12-19T11:02:23Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12036", "aliases": [ "GHSA-9hcm-xvx9-5p9p" ], - "summary": "Malware in secret-scanning-custom-notifications", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in secret-scanning-custom-notifications (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (327294aa7aee3dce9cc1b90296b239e83b00f5589a3613f7261f268283a575aa)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-9hcm-xvx9-5p9p" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "327294aa7aee3dce9cc1b90296b239e83b00f5589a3613f7261f268283a575aa", - "import_time": "2024-12-20T00:32:39.424422132Z", "id": "GHSA-9hcm-xvx9-5p9p", + "import_time": "2024-12-20T00:32:39.424422132Z", "modified_time": "2024-12-19T11:02:23Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "327294aa7aee3dce9cc1b90296b239e83b00f5589a3613f7261f268283a575aa", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/security-alert-watcher/MAL-0000-ghsa-malware-b571f55a5f40419c.json b/osv/malicious/npm/security-alert-watcher/MAL-0000-ghsa-malware-b571f55a5f40419c.json deleted file mode 100644 index d811c2755..000000000 --- a/osv/malicious/npm/security-alert-watcher/MAL-0000-ghsa-malware-b571f55a5f40419c.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:02:23Z", - "published": "2024-12-19T11:02:22Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-wj7m-7r4j-v7rm" - ], - "summary": "Malware in security-alert-watcher", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "security-alert-watcher" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-wj7m-7r4j-v7rm" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-wj7m-7r4j-v7rm" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "b571f55a5f40419ca8cad82f299058dbe569e0a541e1909bcde9ce29f239101d", - "import_time": "2024-12-20T00:32:39.524474878Z", - "id": "GHSA-wj7m-7r4j-v7rm", - "modified_time": "2024-12-19T11:02:23Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/security-alert-watcher/MAL-2024-10881.json b/osv/malicious/npm/security-alert-watcher/MAL-2024-10881.json index 484e8b2dd..9460a2b55 100644 --- a/osv/malicious/npm/security-alert-watcher/MAL-2024-10881.json +++ b/osv/malicious/npm/security-alert-watcher/MAL-2024-10881.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-22T23:15:54Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-11-22T23:15:54Z", "schema_version": "1.5.0", "id": "MAL-2024-10881", + "aliases": [ + "GHSA-wj7m-7r4j-v7rm" + ], "summary": "Malicious code in security-alert-watcher (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (60143053a50a131463b344fc0e64c7f5601ae6c70bfbf832bef293d4ba56b2af)\nThe OpenSSF Package Analysis project identified 'security-alert-watcher' @ 0.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (b571f55a5f40419ca8cad82f299058dbe569e0a541e1909bcde9ce29f239101d)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (60143053a50a131463b344fc0e64c7f5601ae6c70bfbf832bef293d4ba56b2af)\nThe OpenSSF Package Analysis project identified 'security-alert-watcher' @ 0.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "security-alert-watcher" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "0.0.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wj7m-7r4j-v7rm" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "60143053a50a131463b344fc0e64c7f5601ae6c70bfbf832bef293d4ba56b2af", "import_time": "2024-11-22T23:35:09.652600505Z", "modified_time": "2024-11-22T23:15:54Z", - "sha256": "60143053a50a131463b344fc0e64c7f5601ae6c70bfbf832bef293d4ba56b2af", - "source": "ossf-package-analysis", "versions": [ "0.0.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "b571f55a5f40419ca8cad82f299058dbe569e0a541e1909bcde9ce29f239101d", + "import_time": "2024-12-20T00:32:39.524474878Z", + "id": "GHSA-wj7m-7r4j-v7rm", + "modified_time": "2024-12-19T11:02:23Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/self-qualification-dialog-sdk/MAL-0000-ghsa-malware-b4a2fa187ce4ea9c.json b/osv/malicious/npm/self-qualification-dialog-sdk/MAL-2024-12037.json similarity index 63% rename from osv/malicious/npm/self-qualification-dialog-sdk/MAL-0000-ghsa-malware-b4a2fa187ce4ea9c.json rename to osv/malicious/npm/self-qualification-dialog-sdk/MAL-2024-12037.json index dbde940f3..b03783a69 100644 --- a/osv/malicious/npm/self-qualification-dialog-sdk/MAL-0000-ghsa-malware-b4a2fa187ce4ea9c.json +++ b/osv/malicious/npm/self-qualification-dialog-sdk/MAL-2024-12037.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:12Z", "published": "2024-12-19T10:56:03Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12037", "aliases": [ "GHSA-cvv7-vgvq-rf4x" ], - "summary": "Malware in self-qualification-dialog-sdk", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in self-qualification-dialog-sdk (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (b4a2fa187ce4ea9cd50008e9f7fd8e2486ba13b990e3111ced9bcd9a762e5cdd)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-cvv7-vgvq-rf4x" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "b4a2fa187ce4ea9cd50008e9f7fd8e2486ba13b990e3111ced9bcd9a762e5cdd", - "import_time": "2024-12-20T00:32:39.43748563Z", "id": "GHSA-cvv7-vgvq-rf4x", + "import_time": "2024-12-20T00:32:39.43748563Z", "modified_time": "2024-12-19T10:56:12Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "b4a2fa187ce4ea9cd50008e9f7fd8e2486ba13b990e3111ced9bcd9a762e5cdd", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/serum-dex-ui/MAL-0000-ghsa-malware-23e693f28915ad1c.json b/osv/malicious/npm/serum-dex-ui/MAL-2024-12038.json similarity index 63% rename from osv/malicious/npm/serum-dex-ui/MAL-0000-ghsa-malware-23e693f28915ad1c.json rename to osv/malicious/npm/serum-dex-ui/MAL-2024-12038.json index 21d1b6a4f..fabfa6baa 100644 --- a/osv/malicious/npm/serum-dex-ui/MAL-0000-ghsa-malware-23e693f28915ad1c.json +++ b/osv/malicious/npm/serum-dex-ui/MAL-2024-12038.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:14:03Z", "published": "2024-12-19T13:13:58Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12038", "aliases": [ "GHSA-gfv3-5p26-2x88" ], - "summary": "Malware in serum-dex-ui", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in serum-dex-ui (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (23e693f28915ad1c0bf05e8f5e0e1cab49a329f00b7f27303d08ec76d8ab068f)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-gfv3-5p26-2x88" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "23e693f28915ad1c0bf05e8f5e0e1cab49a329f00b7f27303d08ec76d8ab068f", - "import_time": "2024-12-20T00:32:39.455095311Z", "id": "GHSA-gfv3-5p26-2x88", + "import_time": "2024-12-20T00:32:39.455095311Z", "modified_time": "2024-12-19T13:14:03Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "23e693f28915ad1c0bf05e8f5e0e1cab49a329f00b7f27303d08ec76d8ab068f", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/setup-node/MAL-0000-ghsa-malware-a3cd9285f7d743a6.json b/osv/malicious/npm/setup-node/MAL-2024-12039.json similarity index 63% rename from osv/malicious/npm/setup-node/MAL-0000-ghsa-malware-a3cd9285f7d743a6.json rename to osv/malicious/npm/setup-node/MAL-2024-12039.json index 805132430..60db23a94 100644 --- a/osv/malicious/npm/setup-node/MAL-0000-ghsa-malware-a3cd9285f7d743a6.json +++ b/osv/malicious/npm/setup-node/MAL-2024-12039.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:55:13Z", "published": "2024-12-19T09:55:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12039", "aliases": [ "GHSA-77vf-55c8-x5jj" ], - "summary": "Malware in setup-node", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in setup-node (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (a3cd9285f7d743a645d9b4834df4d7f61b6cc9bd314cf339252e7458d0f61244)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-77vf-55c8-x5jj" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "a3cd9285f7d743a645d9b4834df4d7f61b6cc9bd314cf339252e7458d0f61244", - "import_time": "2024-12-20T00:32:39.406503161Z", "id": "GHSA-77vf-55c8-x5jj", + "import_time": "2024-12-20T00:32:39.406503161Z", "modified_time": "2024-12-19T09:55:13Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "a3cd9285f7d743a645d9b4834df4d7f61b6cc9bd314cf339252e7458d0f61244", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/shopee-form-ui/MAL-0000-ghsa-malware-993bcd6e55a784b0.json b/osv/malicious/npm/shopee-form-ui/MAL-0000-ghsa-malware-993bcd6e55a784b0.json deleted file mode 100644 index 0e4c587e2..000000000 --- a/osv/malicious/npm/shopee-form-ui/MAL-0000-ghsa-malware-993bcd6e55a784b0.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T13:15:09Z", - "published": "2024-12-19T13:15:08Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-x4wc-8mmh-3r52" - ], - "summary": "Malware in shopee-form-ui", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "shopee-form-ui" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-x4wc-8mmh-3r52" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-x4wc-8mmh-3r52" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "993bcd6e55a784b07d25bde8752b92602b018036f8ba3de7fd78e85addad1634", - "import_time": "2024-12-20T00:32:39.529822558Z", - "id": "GHSA-x4wc-8mmh-3r52", - "modified_time": "2024-12-19T13:15:09Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/shopee-form-ui/MAL-2024-10858.json b/osv/malicious/npm/shopee-form-ui/MAL-2024-10858.json index 065d41c15..c81562d39 100644 --- a/osv/malicious/npm/shopee-form-ui/MAL-2024-10858.json +++ b/osv/malicious/npm/shopee-form-ui/MAL-2024-10858.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-20T10:15:51Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-11-20T10:15:51Z", "schema_version": "1.5.0", "id": "MAL-2024-10858", + "aliases": [ + "GHSA-x4wc-8mmh-3r52" + ], "summary": "Malicious code in shopee-form-ui (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (dd716f9e94f5a9e85fd317ecfdb501a0f7f9ef0243c361ca12df24ceb0f582d7)\nThe OpenSSF Package Analysis project identified 'shopee-form-ui' @ 9.1.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (993bcd6e55a784b07d25bde8752b92602b018036f8ba3de7fd78e85addad1634)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (dd716f9e94f5a9e85fd317ecfdb501a0f7f9ef0243c361ca12df24ceb0f582d7)\nThe OpenSSF Package Analysis project identified 'shopee-form-ui' @ 9.1.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "shopee-form-ui" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "9.1.7" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-x4wc-8mmh-3r52" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "dd716f9e94f5a9e85fd317ecfdb501a0f7f9ef0243c361ca12df24ceb0f582d7", "import_time": "2024-11-21T23:05:41.764424905Z", "modified_time": "2024-11-20T10:15:51Z", - "sha256": "dd716f9e94f5a9e85fd317ecfdb501a0f7f9ef0243c361ca12df24ceb0f582d7", - "source": "ossf-package-analysis", "versions": [ "9.1.7" ] + }, + { + "source": "ghsa-malware", + "sha256": "993bcd6e55a784b07d25bde8752b92602b018036f8ba3de7fd78e85addad1634", + "import_time": "2024-12-20T00:32:39.529822558Z", + "id": "GHSA-x4wc-8mmh-3r52", + "modified_time": "2024-12-19T13:15:09Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/shyftportal/MAL-0000-ghsa-malware-c420e2c055c4dac2.json b/osv/malicious/npm/shyftportal/MAL-0000-ghsa-malware-c420e2c055c4dac2.json deleted file mode 100644 index 9ef9e7941..000000000 --- a/osv/malicious/npm/shyftportal/MAL-0000-ghsa-malware-c420e2c055c4dac2.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:52:28Z", - "published": "2024-12-19T10:52:27Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-4w2v-92qq-wj84" - ], - "summary": "Malware in shyftportal", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "shyftportal" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-4w2v-92qq-wj84" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-4w2v-92qq-wj84" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "c420e2c055c4dac21abe5aa3deacde16aef6dcd57335d4244adffc4346365a2e", - "import_time": "2024-12-20T00:32:39.386156744Z", - "id": "GHSA-4w2v-92qq-wj84", - "modified_time": "2024-12-19T10:52:28Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/shyftportal/MAL-2024-11784.json b/osv/malicious/npm/shyftportal/MAL-2024-11784.json index b443f657c..36ef23371 100644 --- a/osv/malicious/npm/shyftportal/MAL-2024-11784.json +++ b/osv/malicious/npm/shyftportal/MAL-2024-11784.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-11T18:21:01Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-11T18:21:01Z", "schema_version": "1.5.0", "id": "MAL-2024-11784", + "aliases": [ + "GHSA-4w2v-92qq-wj84" + ], "summary": "Malicious code in shyftportal (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (42a2eee90f82caaf89babfc6ae7de546ed7e933760e635c592ca82a6aae745aa)\nThe OpenSSF Package Analysis project identified 'shyftportal' @ 1.0.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (c420e2c055c4dac21abe5aa3deacde16aef6dcd57335d4244adffc4346365a2e)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (42a2eee90f82caaf89babfc6ae7de546ed7e933760e635c592ca82a6aae745aa)\nThe OpenSSF Package Analysis project identified 'shyftportal' @ 1.0.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "shyftportal" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.0.6" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-4w2v-92qq-wj84" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "42a2eee90f82caaf89babfc6ae7de546ed7e933760e635c592ca82a6aae745aa", "import_time": "2024-12-11T18:40:20.434685816Z", "modified_time": "2024-12-11T18:21:01Z", - "sha256": "42a2eee90f82caaf89babfc6ae7de546ed7e933760e635c592ca82a6aae745aa", - "source": "ossf-package-analysis", "versions": [ "1.0.6" ] + }, + { + "source": "ghsa-malware", + "sha256": "c420e2c055c4dac21abe5aa3deacde16aef6dcd57335d4244adffc4346365a2e", + "import_time": "2024-12-20T00:32:39.386156744Z", + "id": "GHSA-4w2v-92qq-wj84", + "modified_time": "2024-12-19T10:52:28Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/slack-sns/MAL-0000-ghsa-malware-dde2984debaba750.json b/osv/malicious/npm/slack-sns/MAL-2024-12040.json similarity index 63% rename from osv/malicious/npm/slack-sns/MAL-0000-ghsa-malware-dde2984debaba750.json rename to osv/malicious/npm/slack-sns/MAL-2024-12040.json index e5929b32d..be120f284 100644 --- a/osv/malicious/npm/slack-sns/MAL-0000-ghsa-malware-dde2984debaba750.json +++ b/osv/malicious/npm/slack-sns/MAL-2024-12040.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:12:45Z", "published": "2024-12-19T11:12:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12040", "aliases": [ "GHSA-746v-j8x7-j9c6" ], - "summary": "Malware in slack-sns", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in slack-sns (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (dde2984debaba750af691ea1ba70116984fba098ecf0fe26a0fdf576d386f53a)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-746v-j8x7-j9c6" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "dde2984debaba750af691ea1ba70116984fba098ecf0fe26a0fdf576d386f53a", - "import_time": "2024-12-20T00:32:39.40490142Z", "id": "GHSA-746v-j8x7-j9c6", + "import_time": "2024-12-20T00:32:39.40490142Z", "modified_time": "2024-12-19T11:12:45Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "dde2984debaba750af691ea1ba70116984fba098ecf0fe26a0fdf576d386f53a", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/spid-csvautofilljs/MAL-0000-ghsa-malware-4a58cfebfacf0be1.json b/osv/malicious/npm/spid-csvautofilljs/MAL-2024-12041.json similarity index 63% rename from osv/malicious/npm/spid-csvautofilljs/MAL-0000-ghsa-malware-4a58cfebfacf0be1.json rename to osv/malicious/npm/spid-csvautofilljs/MAL-2024-12041.json index 6bc1cc550..bba932432 100644 --- a/osv/malicious/npm/spid-csvautofilljs/MAL-0000-ghsa-malware-4a58cfebfacf0be1.json +++ b/osv/malicious/npm/spid-csvautofilljs/MAL-2024-12041.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:15:09Z", "published": "2024-12-19T13:15:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12041", "aliases": [ "GHSA-8jjm-mfhq-4mfp" ], - "summary": "Malware in spid-csvautofilljs", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in spid-csvautofilljs (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (4a58cfebfacf0be1701b2d356aa0e74d6a7c0fa67c9340191ce5ca79a8a50894)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-8jjm-mfhq-4mfp" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "4a58cfebfacf0be1701b2d356aa0e74d6a7c0fa67c9340191ce5ca79a8a50894", - "import_time": "2024-12-20T00:32:39.417103645Z", "id": "GHSA-8jjm-mfhq-4mfp", + "import_time": "2024-12-20T00:32:39.417103645Z", "modified_time": "2024-12-19T13:15:09Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "4a58cfebfacf0be1701b2d356aa0e74d6a7c0fa67c9340191ce5ca79a8a50894", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/spinal-core-connectorjs/MAL-0000-ghsa-malware-f55ec90344a6042c.json b/osv/malicious/npm/spinal-core-connectorjs/MAL-0000-ghsa-malware-f55ec90344a6042c.json deleted file mode 100644 index 2fbd94d2e..000000000 --- a/osv/malicious/npm/spinal-core-connectorjs/MAL-0000-ghsa-malware-f55ec90344a6042c.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:24:20Z", - "published": "2024-12-19T11:24:20Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-cx2g-89jj-xccv" - ], - "summary": "Malware in spinal-core-connectorjs", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "spinal-core-connectorjs" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-cx2g-89jj-xccv" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-cx2g-89jj-xccv" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "f55ec90344a6042cf94a3e9a576e833a0277da7732a8322612604d186cab49b6", - "import_time": "2024-12-20T00:32:39.438525642Z", - "id": "GHSA-cx2g-89jj-xccv", - "modified_time": "2024-12-19T11:24:20Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/spinal-core-connectorjs/MAL-2024-11172.json b/osv/malicious/npm/spinal-core-connectorjs/MAL-2024-11172.json index 054f072b9..d740a1fea 100644 --- a/osv/malicious/npm/spinal-core-connectorjs/MAL-2024-11172.json +++ b/osv/malicious/npm/spinal-core-connectorjs/MAL-2024-11172.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T15:42:12Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-01T15:42:12Z", "schema_version": "1.5.0", "id": "MAL-2024-11172", + "aliases": [ + "GHSA-cx2g-89jj-xccv" + ], "summary": "Malicious code in spinal-core-connectorjs (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (bf0ec23d7faa5ac2d70bb060676adbe5edad7c89521cfd7dd9dc590d7795f12a)\nThe OpenSSF Package Analysis project identified 'spinal-core-connectorjs' @ 7.5.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (f55ec90344a6042cf94a3e9a576e833a0277da7732a8322612604d186cab49b6)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (bf0ec23d7faa5ac2d70bb060676adbe5edad7c89521cfd7dd9dc590d7795f12a)\nThe OpenSSF Package Analysis project identified 'spinal-core-connectorjs' @ 7.5.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "spinal-core-connectorjs" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "7.5.4" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-cx2g-89jj-xccv" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "bf0ec23d7faa5ac2d70bb060676adbe5edad7c89521cfd7dd9dc590d7795f12a", "import_time": "2024-12-02T11:05:09.689603235Z", "modified_time": "2024-12-01T15:42:12Z", - "sha256": "bf0ec23d7faa5ac2d70bb060676adbe5edad7c89521cfd7dd9dc590d7795f12a", - "source": "ossf-package-analysis", "versions": [ "7.5.4" ] + }, + { + "source": "ghsa-malware", + "sha256": "f55ec90344a6042cf94a3e9a576e833a0277da7732a8322612604d186cab49b6", + "import_time": "2024-12-20T00:32:39.438525642Z", + "id": "GHSA-cx2g-89jj-xccv", + "modified_time": "2024-12-19T11:24:20Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/spinal-core-connectorjs_type/MAL-0000-ghsa-malware-f3451f756dd259cb.json b/osv/malicious/npm/spinal-core-connectorjs_type/MAL-0000-ghsa-malware-f3451f756dd259cb.json deleted file mode 100644 index 0eec3188c..000000000 --- a/osv/malicious/npm/spinal-core-connectorjs_type/MAL-0000-ghsa-malware-f3451f756dd259cb.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:31:11Z", - "published": "2024-12-19T11:31:11Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-vwgr-h8g8-22mh" - ], - "summary": "Malware in spinal-core-connectorjs_type", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "spinal-core-connectorjs_type" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-vwgr-h8g8-22mh" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-vwgr-h8g8-22mh" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "f3451f756dd259cb0c2c30ea5f39c2d4a80eef529d40a35beafd582ce7d01420", - "import_time": "2024-12-20T00:32:39.515748253Z", - "id": "GHSA-vwgr-h8g8-22mh", - "modified_time": "2024-12-19T11:31:11Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/spinal-core-connectorjs_type/MAL-2024-11173.json b/osv/malicious/npm/spinal-core-connectorjs_type/MAL-2024-11173.json index ebbdca728..22ec01ffb 100644 --- a/osv/malicious/npm/spinal-core-connectorjs_type/MAL-2024-11173.json +++ b/osv/malicious/npm/spinal-core-connectorjs_type/MAL-2024-11173.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T16:09:41Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-01T16:09:41Z", "schema_version": "1.5.0", "id": "MAL-2024-11173", + "aliases": [ + "GHSA-vwgr-h8g8-22mh" + ], "summary": "Malicious code in spinal-core-connectorjs_type (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (38173ac2f61a157cba9980a5c9209d961df21ced48515b05fc0b8d7ec0344018)\nThe OpenSSF Package Analysis project identified 'spinal-core-connectorjs_type' @ 5.5.10 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (f3451f756dd259cb0c2c30ea5f39c2d4a80eef529d40a35beafd582ce7d01420)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (38173ac2f61a157cba9980a5c9209d961df21ced48515b05fc0b8d7ec0344018)\nThe OpenSSF Package Analysis project identified 'spinal-core-connectorjs_type' @ 5.5.10 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "spinal-core-connectorjs_type" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "5.5.10" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-vwgr-h8g8-22mh" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "38173ac2f61a157cba9980a5c9209d961df21ced48515b05fc0b8d7ec0344018", "import_time": "2024-12-02T11:05:09.821481962Z", "modified_time": "2024-12-01T16:09:41Z", - "sha256": "38173ac2f61a157cba9980a5c9209d961df21ced48515b05fc0b8d7ec0344018", - "source": "ossf-package-analysis", "versions": [ "5.5.10" ] + }, + { + "source": "ghsa-malware", + "sha256": "f3451f756dd259cb0c2c30ea5f39c2d4a80eef529d40a35beafd582ce7d01420", + "import_time": "2024-12-20T00:32:39.515748253Z", + "id": "GHSA-vwgr-h8g8-22mh", + "modified_time": "2024-12-19T11:31:11Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/spinal-env-viewer-graph-service/MAL-0000-ghsa-malware-15cfd840bc992aae.json b/osv/malicious/npm/spinal-env-viewer-graph-service/MAL-0000-ghsa-malware-15cfd840bc992aae.json deleted file mode 100644 index 9fc6f03c5..000000000 --- a/osv/malicious/npm/spinal-env-viewer-graph-service/MAL-0000-ghsa-malware-15cfd840bc992aae.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:31:46Z", - "published": "2024-12-19T11:31:46Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-97mr-cp38-vxj2" - ], - "summary": "Malware in spinal-env-viewer-graph-service", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "spinal-env-viewer-graph-service" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-97mr-cp38-vxj2" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-97mr-cp38-vxj2" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "15cfd840bc992aaee2f17022820c0f005a0e47a499c6939bc0ee0c5635cd47fe", - "import_time": "2024-12-20T00:32:39.422734212Z", - "id": "GHSA-97mr-cp38-vxj2", - "modified_time": "2024-12-19T11:31:46Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/spinal-env-viewer-graph-service/MAL-2024-11174.json b/osv/malicious/npm/spinal-env-viewer-graph-service/MAL-2024-11174.json index 01bb77562..70eb0d8cd 100644 --- a/osv/malicious/npm/spinal-env-viewer-graph-service/MAL-2024-11174.json +++ b/osv/malicious/npm/spinal-env-viewer-graph-service/MAL-2024-11174.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T16:45:48Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-01T16:45:48Z", "schema_version": "1.5.0", "id": "MAL-2024-11174", + "aliases": [ + "GHSA-97mr-cp38-vxj2" + ], "summary": "Malicious code in spinal-env-viewer-graph-service (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (471fbbdd487118394edb6dbe37bc7b122be7fee807e687cbf57d61f674392ca2)\nThe OpenSSF Package Analysis project identified 'spinal-env-viewer-graph-service' @ 7.1.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (15cfd840bc992aaee2f17022820c0f005a0e47a499c6939bc0ee0c5635cd47fe)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (471fbbdd487118394edb6dbe37bc7b122be7fee807e687cbf57d61f674392ca2)\nThe OpenSSF Package Analysis project identified 'spinal-env-viewer-graph-service' @ 7.1.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "spinal-env-viewer-graph-service" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "7.1.3" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-97mr-cp38-vxj2" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "471fbbdd487118394edb6dbe37bc7b122be7fee807e687cbf57d61f674392ca2", "import_time": "2024-12-02T11:05:09.925396958Z", "modified_time": "2024-12-01T16:45:48Z", - "sha256": "471fbbdd487118394edb6dbe37bc7b122be7fee807e687cbf57d61f674392ca2", - "source": "ossf-package-analysis", "versions": [ "7.1.3" ] + }, + { + "source": "ghsa-malware", + "sha256": "15cfd840bc992aaee2f17022820c0f005a0e47a499c6939bc0ee0c5635cd47fe", + "import_time": "2024-12-20T00:32:39.422734212Z", + "id": "GHSA-97mr-cp38-vxj2", + "modified_time": "2024-12-19T11:31:46Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/spinal-env-viewer-plugin-documentation-service/MAL-0000-ghsa-malware-d3d2a0a560ea9b62.json b/osv/malicious/npm/spinal-env-viewer-plugin-documentation-service/MAL-2024-12042.json similarity index 62% rename from osv/malicious/npm/spinal-env-viewer-plugin-documentation-service/MAL-0000-ghsa-malware-d3d2a0a560ea9b62.json rename to osv/malicious/npm/spinal-env-viewer-plugin-documentation-service/MAL-2024-12042.json index fbdba93c7..1c1d1fc73 100644 --- a/osv/malicious/npm/spinal-env-viewer-plugin-documentation-service/MAL-0000-ghsa-malware-d3d2a0a560ea9b62.json +++ b/osv/malicious/npm/spinal-env-viewer-plugin-documentation-service/MAL-2024-12042.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:46:17Z", "published": "2024-12-19T11:46:12Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12042", "aliases": [ "GHSA-7gjj-xgjg-5whh" ], - "summary": "Malware in spinal-env-viewer-plugin-documentation-service", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in spinal-env-viewer-plugin-documentation-service (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d3d2a0a560ea9b62097643b0b538b82a0eba36ef923886755262eeecca376650)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-7gjj-xgjg-5whh" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "d3d2a0a560ea9b62097643b0b538b82a0eba36ef923886755262eeecca376650", - "import_time": "2024-12-20T00:32:39.40732479Z", "id": "GHSA-7gjj-xgjg-5whh", + "import_time": "2024-12-20T00:32:39.40732479Z", "modified_time": "2024-12-19T11:46:17Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "d3d2a0a560ea9b62097643b0b538b82a0eba36ef923886755262eeecca376650", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/spinal-env-viewer-plugin-group-manager-service/MAL-0000-ghsa-malware-08d905db5ba537ed.json b/osv/malicious/npm/spinal-env-viewer-plugin-group-manager-service/MAL-0000-ghsa-malware-08d905db5ba537ed.json deleted file mode 100644 index e91fd4128..000000000 --- a/osv/malicious/npm/spinal-env-viewer-plugin-group-manager-service/MAL-0000-ghsa-malware-08d905db5ba537ed.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T13:17:18Z", - "published": "2024-12-19T13:17:14Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-pvx2-46m7-3739" - ], - "summary": "Malware in spinal-env-viewer-plugin-group-manager-service", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "spinal-env-viewer-plugin-group-manager-service" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-pvx2-46m7-3739" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-pvx2-46m7-3739" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "08d905db5ba537ed47f7f0ba2189c5b72f23c0d8de78591283e86cc1c8651634", - "import_time": "2024-12-20T00:32:39.490126992Z", - "id": "GHSA-pvx2-46m7-3739", - "modified_time": "2024-12-19T13:17:18Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/spinal-env-viewer-plugin-group-manager-service/MAL-2024-11175.json b/osv/malicious/npm/spinal-env-viewer-plugin-group-manager-service/MAL-2024-11175.json index 2cba0be19..6807f5894 100644 --- a/osv/malicious/npm/spinal-env-viewer-plugin-group-manager-service/MAL-2024-11175.json +++ b/osv/malicious/npm/spinal-env-viewer-plugin-group-manager-service/MAL-2024-11175.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T17:30:45Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-01T17:30:45Z", "schema_version": "1.5.0", "id": "MAL-2024-11175", + "aliases": [ + "GHSA-pvx2-46m7-3739" + ], "summary": "Malicious code in spinal-env-viewer-plugin-group-manager-service (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (16cef7732fcf210f472b1df7d1bc64fdeb6c9cc47e744834db330f00ef327b30)\nThe OpenSSF Package Analysis project identified 'spinal-env-viewer-plugin-group-manager-service' @ 10.1.10 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (08d905db5ba537ed47f7f0ba2189c5b72f23c0d8de78591283e86cc1c8651634)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (16cef7732fcf210f472b1df7d1bc64fdeb6c9cc47e744834db330f00ef327b30)\nThe OpenSSF Package Analysis project identified 'spinal-env-viewer-plugin-group-manager-service' @ 10.1.10 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "spinal-env-viewer-plugin-group-manager-service" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "10.1.10" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-pvx2-46m7-3739" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "16cef7732fcf210f472b1df7d1bc64fdeb6c9cc47e744834db330f00ef327b30", "import_time": "2024-12-02T11:05:10.010781843Z", "modified_time": "2024-12-01T17:30:45Z", - "sha256": "16cef7732fcf210f472b1df7d1bc64fdeb6c9cc47e744834db330f00ef327b30", - "source": "ossf-package-analysis", "versions": [ "10.1.10" ] + }, + { + "source": "ghsa-malware", + "sha256": "08d905db5ba537ed47f7f0ba2189c5b72f23c0d8de78591283e86cc1c8651634", + "import_time": "2024-12-20T00:32:39.490126992Z", + "id": "GHSA-pvx2-46m7-3739", + "modified_time": "2024-12-19T13:17:18Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/spinal-lib-organ-monitoring/MAL-0000-ghsa-malware-863fb7f679e57aab.json b/osv/malicious/npm/spinal-lib-organ-monitoring/MAL-0000-ghsa-malware-863fb7f679e57aab.json deleted file mode 100644 index 9074b2f11..000000000 --- a/osv/malicious/npm/spinal-lib-organ-monitoring/MAL-0000-ghsa-malware-863fb7f679e57aab.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:58:23Z", - "published": "2024-12-19T11:58:23Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-wffv-qv9v-g425" - ], - "summary": "Malware in spinal-lib-organ-monitoring", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "spinal-lib-organ-monitoring" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-wffv-qv9v-g425" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-wffv-qv9v-g425" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "863fb7f679e57aab2356e5867fe4d9dd25e11f1c8ef2744b2e337bb0384d8696", - "import_time": "2024-12-20T00:32:39.522618995Z", - "id": "GHSA-wffv-qv9v-g425", - "modified_time": "2024-12-19T11:58:23Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/spinal-lib-organ-monitoring/MAL-2024-11176.json b/osv/malicious/npm/spinal-lib-organ-monitoring/MAL-2024-11176.json index b22d97e8d..19045feb4 100644 --- a/osv/malicious/npm/spinal-lib-organ-monitoring/MAL-2024-11176.json +++ b/osv/malicious/npm/spinal-lib-organ-monitoring/MAL-2024-11176.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T18:03:50Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-01T18:03:50Z", "schema_version": "1.5.0", "id": "MAL-2024-11176", + "aliases": [ + "GHSA-wffv-qv9v-g425" + ], "summary": "Malicious code in spinal-lib-organ-monitoring (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (5cfaf5b82064d1ce60ba298e7d5f0ad474420c67cb27dd092bf70192b3c103b6)\nThe OpenSSF Package Analysis project identified 'spinal-lib-organ-monitoring' @ 7.5.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (863fb7f679e57aab2356e5867fe4d9dd25e11f1c8ef2744b2e337bb0384d8696)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (5cfaf5b82064d1ce60ba298e7d5f0ad474420c67cb27dd092bf70192b3c103b6)\nThe OpenSSF Package Analysis project identified 'spinal-lib-organ-monitoring' @ 7.5.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "spinal-lib-organ-monitoring" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "7.5.6" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wffv-qv9v-g425" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "5cfaf5b82064d1ce60ba298e7d5f0ad474420c67cb27dd092bf70192b3c103b6", "import_time": "2024-12-02T11:05:10.14797205Z", "modified_time": "2024-12-01T18:03:50Z", - "sha256": "5cfaf5b82064d1ce60ba298e7d5f0ad474420c67cb27dd092bf70192b3c103b6", - "source": "ossf-package-analysis", "versions": [ "7.5.6" ] + }, + { + "source": "ghsa-malware", + "sha256": "863fb7f679e57aab2356e5867fe4d9dd25e11f1c8ef2744b2e337bb0384d8696", + "import_time": "2024-12-20T00:32:39.522618995Z", + "id": "GHSA-wffv-qv9v-g425", + "modified_time": "2024-12-19T11:58:23Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/spinal-service-ticket/MAL-0000-ghsa-malware-aae35c4e4ff6906c.json b/osv/malicious/npm/spinal-service-ticket/MAL-0000-ghsa-malware-aae35c4e4ff6906c.json deleted file mode 100644 index 38c8b2eda..000000000 --- a/osv/malicious/npm/spinal-service-ticket/MAL-0000-ghsa-malware-aae35c4e4ff6906c.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T12:02:18Z", - "published": "2024-12-19T12:02:13Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-hch2-w83j-768c" - ], - "summary": "Malware in spinal-service-ticket", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "spinal-service-ticket" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-hch2-w83j-768c" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-hch2-w83j-768c" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "aae35c4e4ff6906cb7d4d11279ee76155e4fe161e95d96ecea1f4e61e9a67412", - "import_time": "2024-12-20T00:32:39.463902681Z", - "id": "GHSA-hch2-w83j-768c", - "modified_time": "2024-12-19T12:02:18Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/spinal-service-ticket/MAL-2024-11177.json b/osv/malicious/npm/spinal-service-ticket/MAL-2024-11177.json index 2e4cacfa1..33242f61b 100644 --- a/osv/malicious/npm/spinal-service-ticket/MAL-2024-11177.json +++ b/osv/malicious/npm/spinal-service-ticket/MAL-2024-11177.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T18:38:34Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-01T18:38:34Z", "schema_version": "1.5.0", "id": "MAL-2024-11177", + "aliases": [ + "GHSA-hch2-w83j-768c" + ], "summary": "Malicious code in spinal-service-ticket (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (0e6d66a246c678657be3e943dcad2a7dd228de18ea7fe13b169c392498ddd4d2)\nThe OpenSSF Package Analysis project identified 'spinal-service-ticket' @ 9.2.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (aae35c4e4ff6906cb7d4d11279ee76155e4fe161e95d96ecea1f4e61e9a67412)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (0e6d66a246c678657be3e943dcad2a7dd228de18ea7fe13b169c392498ddd4d2)\nThe OpenSSF Package Analysis project identified 'spinal-service-ticket' @ 9.2.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "spinal-service-ticket" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "9.2.9" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-hch2-w83j-768c" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "0e6d66a246c678657be3e943dcad2a7dd228de18ea7fe13b169c392498ddd4d2", "import_time": "2024-12-02T11:05:10.240435377Z", "modified_time": "2024-12-01T18:38:34Z", - "sha256": "0e6d66a246c678657be3e943dcad2a7dd228de18ea7fe13b169c392498ddd4d2", - "source": "ossf-package-analysis", "versions": [ "9.2.9" ] + }, + { + "source": "ghsa-malware", + "sha256": "aae35c4e4ff6906cb7d4d11279ee76155e4fe161e95d96ecea1f4e61e9a67412", + "import_time": "2024-12-20T00:32:39.463902681Z", + "id": "GHSA-hch2-w83j-768c", + "modified_time": "2024-12-19T12:02:18Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/ssk/MAL-0000-ghsa-malware-668ed437a9bfeadc.json b/osv/malicious/npm/ssk/MAL-2024-12043.json similarity index 63% rename from osv/malicious/npm/ssk/MAL-0000-ghsa-malware-668ed437a9bfeadc.json rename to osv/malicious/npm/ssk/MAL-2024-12043.json index 55642a6ef..849a0a70e 100644 --- a/osv/malicious/npm/ssk/MAL-0000-ghsa-malware-668ed437a9bfeadc.json +++ b/osv/malicious/npm/ssk/MAL-2024-12043.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:18:44Z", "published": "2024-12-19T13:18:43Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12043", "aliases": [ "GHSA-w5qx-3443-64cj" ], - "summary": "Malware in ssk", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in ssk (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (668ed437a9bfeadc6dd1810ce81817581ce9fb0f3c3432c62dc1e9e5382f11fc)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-w5qx-3443-64cj" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "668ed437a9bfeadc6dd1810ce81817581ce9fb0f3c3432c62dc1e9e5382f11fc", - "import_time": "2024-12-20T00:32:39.517379568Z", "id": "GHSA-w5qx-3443-64cj", + "import_time": "2024-12-20T00:32:39.517379568Z", "modified_time": "2024-12-19T13:18:44Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "668ed437a9bfeadc6dd1810ce81817581ce9fb0f3c3432c62dc1e9e5382f11fc", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/sso-map/MAL-0000-ghsa-malware-13c02a71f3b5311d.json b/osv/malicious/npm/sso-map/MAL-0000-ghsa-malware-13c02a71f3b5311d.json deleted file mode 100644 index 5e62c4769..000000000 --- a/osv/malicious/npm/sso-map/MAL-0000-ghsa-malware-13c02a71f3b5311d.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T13:15:09Z", - "published": "2024-12-19T13:15:09Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-hcrj-6w7v-5wpm" - ], - "summary": "Malware in sso-map", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "sso-map" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-hcrj-6w7v-5wpm" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-hcrj-6w7v-5wpm" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "13c02a71f3b5311d6952fbb20d35dd70c0a4364836fad0b148b8b221c3f17074", - "import_time": "2024-12-20T00:32:39.465904075Z", - "id": "GHSA-hcrj-6w7v-5wpm", - "modified_time": "2024-12-19T13:15:09Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/sso-map/MAL-2023-8036.json b/osv/malicious/npm/sso-map/MAL-2023-8036.json index e1b05e7e4..dd24fde26 100644 --- a/osv/malicious/npm/sso-map/MAL-2023-8036.json +++ b/osv/malicious/npm/sso-map/MAL-2023-8036.json @@ -1,13 +1,14 @@ { - "modified": "2024-11-21T23:06:15Z", + "modified": "2024-12-20T00:33:13Z", "published": "2023-08-23T00:00:00Z", "schema_version": "1.5.0", "id": "MAL-2023-8036", "aliases": [ - "SNYK-JS-SSOMAP-5876608" + "SNYK-JS-SSOMAP-5876608", + "GHSA-hcrj-6w7v-5wpm" ], "summary": "Malicious code in sso-map (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: checkmarx (ec3637a741345c5082ec0b969e5d295b30baf6cc1647f0f684951624ee0ba64b)\nMalicious packages campaign since 2021 targeting developers, steals source code and secrets\n\n## Source: ossf-package-analysis (8a4090bf162593ec35f994f271238a8ad0cf69e5c6226ed9306769adc64228d1)\nThe OpenSSF Package Analysis project identified 'sso-map' @ 10.1.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: checkmarx (ec3637a741345c5082ec0b969e5d295b30baf6cc1647f0f684951624ee0ba64b)\nMalicious packages campaign since 2021 targeting developers, steals source code and secrets\n\n## Source: ghsa-malware (13c02a71f3b5311d6952fbb20d35dd70c0a4364836fad0b148b8b221c3f17074)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (8a4090bf162593ec35f994f271238a8ad0cf69e5c6226ed9306769adc64228d1)\nThe OpenSSF Package Analysis project identified 'sso-map' @ 10.1.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { @@ -27,7 +28,16 @@ "versions": [ "1.999.0", "10.1.9" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } } ], "references": [ @@ -38,6 +48,10 @@ { "type": "ADVISORY", "url": "https://security.snyk.io/vuln/SNYK-JS-SSOMAP-5876608" + }, + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-hcrj-6w7v-5wpm" } ], "credits": [ @@ -140,6 +154,23 @@ "versions": [ "10.1.9" ] + }, + { + "source": "ghsa-malware", + "sha256": "13c02a71f3b5311d6952fbb20d35dd70c0a4364836fad0b148b8b221c3f17074", + "import_time": "2024-12-20T00:32:39.465904075Z", + "id": "GHSA-hcrj-6w7v-5wpm", + "modified_time": "2024-12-19T13:15:09Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/stripe-internal/MAL-0000-ghsa-malware-37cffd89914421e6.json b/osv/malicious/npm/stripe-internal/MAL-0000-ghsa-malware-37cffd89914421e6.json deleted file mode 100644 index 6d5fecc59..000000000 --- a/osv/malicious/npm/stripe-internal/MAL-0000-ghsa-malware-37cffd89914421e6.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:52:37Z", - "published": "2024-12-19T10:52:28Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-4qff-gh94-6g8m" - ], - "summary": "Malware in stripe-internal", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "stripe-internal" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-4qff-gh94-6g8m" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-4qff-gh94-6g8m" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "37cffd89914421e6ec876ab385cbb856e29b04d39b9a37f04de91f0f8a0bfa1d", - "import_time": "2024-12-20T00:32:39.384215422Z", - "id": "GHSA-4qff-gh94-6g8m", - "modified_time": "2024-12-19T10:52:37Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/stripe-internal/MAL-2024-11846.json b/osv/malicious/npm/stripe-internal/MAL-2024-11846.json index 4b470bd60..c0e4799c6 100644 --- a/osv/malicious/npm/stripe-internal/MAL-2024-11846.json +++ b/osv/malicious/npm/stripe-internal/MAL-2024-11846.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-14T17:58:06Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-14T17:58:06Z", "schema_version": "1.5.0", "id": "MAL-2024-11846", + "aliases": [ + "GHSA-4qff-gh94-6g8m" + ], "summary": "Malicious code in stripe-internal (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (e0381bb16bd9eb0308002e69e6e21600ec105a795e1a7bf9fc0f0a7d96cbd3a2)\nThe OpenSSF Package Analysis project identified 'stripe-internal' @ 0.4.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (37cffd89914421e6ec876ab385cbb856e29b04d39b9a37f04de91f0f8a0bfa1d)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (e0381bb16bd9eb0308002e69e6e21600ec105a795e1a7bf9fc0f0a7d96cbd3a2)\nThe OpenSSF Package Analysis project identified 'stripe-internal' @ 0.4.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "stripe-internal" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "0.4.6" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-4qff-gh94-6g8m" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "e0381bb16bd9eb0308002e69e6e21600ec105a795e1a7bf9fc0f0a7d96cbd3a2", "import_time": "2024-12-14T18:06:16.817963712Z", "modified_time": "2024-12-14T17:58:06Z", - "sha256": "e0381bb16bd9eb0308002e69e6e21600ec105a795e1a7bf9fc0f0a7d96cbd3a2", - "source": "ossf-package-analysis", "versions": [ "0.4.6" ] + }, + { + "source": "ghsa-malware", + "sha256": "37cffd89914421e6ec876ab385cbb856e29b04d39b9a37f04de91f0f8a0bfa1d", + "import_time": "2024-12-20T00:32:39.384215422Z", + "id": "GHSA-4qff-gh94-6g8m", + "modified_time": "2024-12-19T10:52:37Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/support-conversations/MAL-0000-ghsa-malware-edda50ab2f0ce596.json b/osv/malicious/npm/support-conversations/MAL-0000-ghsa-malware-edda50ab2f0ce596.json deleted file mode 100644 index 2f87fa33f..000000000 --- a/osv/malicious/npm/support-conversations/MAL-0000-ghsa-malware-edda50ab2f0ce596.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:52:37Z", - "published": "2024-12-19T10:52:28Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-6w3h-xxxf-xv4r" - ], - "summary": "Malware in support-conversations", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "support-conversations" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-6w3h-xxxf-xv4r" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-6w3h-xxxf-xv4r" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "edda50ab2f0ce5968a008967fbb252094f125171a8759dc97957ee5f7d8d8826", - "import_time": "2024-12-20T00:32:39.400563098Z", - "id": "GHSA-6w3h-xxxf-xv4r", - "modified_time": "2024-12-19T10:52:37Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/support-conversations/MAL-2024-11847.json b/osv/malicious/npm/support-conversations/MAL-2024-11847.json index 0bd2a2f39..35904b19b 100644 --- a/osv/malicious/npm/support-conversations/MAL-2024-11847.json +++ b/osv/malicious/npm/support-conversations/MAL-2024-11847.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-14T18:12:59Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-14T18:12:59Z", "schema_version": "1.5.0", "id": "MAL-2024-11847", + "aliases": [ + "GHSA-6w3h-xxxf-xv4r" + ], "summary": "Malicious code in support-conversations (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (9ef3eb947d55786e4e156239f75c7441dd3b75e79ba9e53ca86c4def91f6ace4)\nThe OpenSSF Package Analysis project identified 'support-conversations' @ 0.4.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (edda50ab2f0ce5968a008967fbb252094f125171a8759dc97957ee5f7d8d8826)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (9ef3eb947d55786e4e156239f75c7441dd3b75e79ba9e53ca86c4def91f6ace4)\nThe OpenSSF Package Analysis project identified 'support-conversations' @ 0.4.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "support-conversations" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "0.4.6" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-6w3h-xxxf-xv4r" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "9ef3eb947d55786e4e156239f75c7441dd3b75e79ba9e53ca86c4def91f6ace4", "import_time": "2024-12-14T18:38:37.395215083Z", "modified_time": "2024-12-14T18:12:59Z", - "sha256": "9ef3eb947d55786e4e156239f75c7441dd3b75e79ba9e53ca86c4def91f6ace4", - "source": "ossf-package-analysis", "versions": [ "0.4.6" ] + }, + { + "source": "ghsa-malware", + "sha256": "edda50ab2f0ce5968a008967fbb252094f125171a8759dc97957ee5f7d8d8826", + "import_time": "2024-12-20T00:32:39.400563098Z", + "id": "GHSA-6w3h-xxxf-xv4r", + "modified_time": "2024-12-19T10:52:37Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/tailchat-service-openapi-generator/MAL-0000-ghsa-malware-22511b2b576ee7a4.json b/osv/malicious/npm/tailchat-service-openapi-generator/MAL-0000-ghsa-malware-22511b2b576ee7a4.json deleted file mode 100644 index 17f5e2cf2..000000000 --- a/osv/malicious/npm/tailchat-service-openapi-generator/MAL-0000-ghsa-malware-22511b2b576ee7a4.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:09:48Z", - "published": "2024-12-19T11:09:48Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-h384-m7g4-7r5f" - ], - "summary": "Malware in tailchat-service-openapi-generator", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "tailchat-service-openapi-generator" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-h384-m7g4-7r5f" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-h384-m7g4-7r5f" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "22511b2b576ee7a41e7c7f6abf4e9a9fdedded65c99367d47f3f5cda4ce875c7", - "import_time": "2024-12-20T00:32:39.460010829Z", - "id": "GHSA-h384-m7g4-7r5f", - "modified_time": "2024-12-19T11:09:48Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/tailchat-service-openapi-generator/MAL-2024-11178.json b/osv/malicious/npm/tailchat-service-openapi-generator/MAL-2024-11178.json index 1af9b9901..d3674c76d 100644 --- a/osv/malicious/npm/tailchat-service-openapi-generator/MAL-2024-11178.json +++ b/osv/malicious/npm/tailchat-service-openapi-generator/MAL-2024-11178.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T18:53:45Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-01T18:53:45Z", "schema_version": "1.5.0", "id": "MAL-2024-11178", + "aliases": [ + "GHSA-h384-m7g4-7r5f" + ], "summary": "Malicious code in tailchat-service-openapi-generator (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (f29c3ec5f28fd8fa5ae73fb67f8b117aa3d307246ffcb13c9367743bd08a12ae)\nThe OpenSSF Package Analysis project identified 'tailchat-service-openapi-generator' @ 9.5.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (22511b2b576ee7a41e7c7f6abf4e9a9fdedded65c99367d47f3f5cda4ce875c7)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (f29c3ec5f28fd8fa5ae73fb67f8b117aa3d307246ffcb13c9367743bd08a12ae)\nThe OpenSSF Package Analysis project identified 'tailchat-service-openapi-generator' @ 9.5.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "tailchat-service-openapi-generator" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "9.5.5" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-h384-m7g4-7r5f" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "f29c3ec5f28fd8fa5ae73fb67f8b117aa3d307246ffcb13c9367743bd08a12ae", "import_time": "2024-12-02T11:05:10.349247842Z", "modified_time": "2024-12-01T18:53:45Z", - "sha256": "f29c3ec5f28fd8fa5ae73fb67f8b117aa3d307246ffcb13c9367743bd08a12ae", - "source": "ossf-package-analysis", "versions": [ "9.5.5" ] + }, + { + "source": "ghsa-malware", + "sha256": "22511b2b576ee7a41e7c7f6abf4e9a9fdedded65c99367d47f3f5cda4ce875c7", + "import_time": "2024-12-20T00:32:39.460010829Z", + "id": "GHSA-h384-m7g4-7r5f", + "modified_time": "2024-12-19T11:09:48Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/tailchat-service-swagger-generator/MAL-0000-ghsa-malware-acf09d7e9f52a040.json b/osv/malicious/npm/tailchat-service-swagger-generator/MAL-0000-ghsa-malware-acf09d7e9f52a040.json deleted file mode 100644 index f3dd2f243..000000000 --- a/osv/malicious/npm/tailchat-service-swagger-generator/MAL-0000-ghsa-malware-acf09d7e9f52a040.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:19:35Z", - "published": "2024-12-19T11:19:34Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-54fh-xx46-7hx9" - ], - "summary": "Malware in tailchat-service-swagger-generator", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "tailchat-service-swagger-generator" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-54fh-xx46-7hx9" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-54fh-xx46-7hx9" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "acf09d7e9f52a0406ff87b349906e6278f766537755abbd90395b2179ccd36fb", - "import_time": "2024-12-20T00:32:39.390309221Z", - "id": "GHSA-54fh-xx46-7hx9", - "modified_time": "2024-12-19T11:19:35Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/tailchat-service-swagger-generator/MAL-2024-11179.json b/osv/malicious/npm/tailchat-service-swagger-generator/MAL-2024-11179.json index bc35198fd..73f38cd73 100644 --- a/osv/malicious/npm/tailchat-service-swagger-generator/MAL-2024-11179.json +++ b/osv/malicious/npm/tailchat-service-swagger-generator/MAL-2024-11179.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T19:22:57Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-01T19:22:57Z", "schema_version": "1.5.0", "id": "MAL-2024-11179", + "aliases": [ + "GHSA-54fh-xx46-7hx9" + ], "summary": "Malicious code in tailchat-service-swagger-generator (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (3e7ff8cbb820e751114c359031cf83427591b218df36109c315a4a749b26802c)\nThe OpenSSF Package Analysis project identified 'tailchat-service-swagger-generator' @ 10.3.8 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (acf09d7e9f52a0406ff87b349906e6278f766537755abbd90395b2179ccd36fb)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (3e7ff8cbb820e751114c359031cf83427591b218df36109c315a4a749b26802c)\nThe OpenSSF Package Analysis project identified 'tailchat-service-swagger-generator' @ 10.3.8 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "tailchat-service-swagger-generator" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "10.3.8" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-54fh-xx46-7hx9" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "3e7ff8cbb820e751114c359031cf83427591b218df36109c315a4a749b26802c", "import_time": "2024-12-02T11:05:10.436632441Z", "modified_time": "2024-12-01T19:22:57Z", - "sha256": "3e7ff8cbb820e751114c359031cf83427591b218df36109c315a4a749b26802c", - "source": "ossf-package-analysis", "versions": [ "10.3.8" ] + }, + { + "source": "ghsa-malware", + "sha256": "acf09d7e9f52a0406ff87b349906e6278f766537755abbd90395b2179ccd36fb", + "import_time": "2024-12-20T00:32:39.390309221Z", + "id": "GHSA-54fh-xx46-7hx9", + "modified_time": "2024-12-19T11:19:35Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/tauri-plugin-autostart-api/MAL-0000-ghsa-malware-b142e694f8cc092c.json b/osv/malicious/npm/tauri-plugin-autostart-api/MAL-0000-ghsa-malware-b142e694f8cc092c.json deleted file mode 100644 index 1fdad736b..000000000 --- a/osv/malicious/npm/tauri-plugin-autostart-api/MAL-0000-ghsa-malware-b142e694f8cc092c.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:21:55Z", - "published": "2024-12-19T11:21:55Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-32xm-jpw6-7frx" - ], - "summary": "Malware in tauri-plugin-autostart-api", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "tauri-plugin-autostart-api" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-32xm-jpw6-7frx" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-32xm-jpw6-7frx" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "b142e694f8cc092c192ccd1c5256735955990e191b4b413415a7304ea45c582c", - "import_time": "2024-12-20T00:32:39.370206719Z", - "id": "GHSA-32xm-jpw6-7frx", - "modified_time": "2024-12-19T11:21:55Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/tauri-plugin-autostart-api/MAL-2024-11180.json b/osv/malicious/npm/tauri-plugin-autostart-api/MAL-2024-11180.json index acab7bf3e..606d7ac34 100644 --- a/osv/malicious/npm/tauri-plugin-autostart-api/MAL-2024-11180.json +++ b/osv/malicious/npm/tauri-plugin-autostart-api/MAL-2024-11180.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-01T19:53:52Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-01T19:53:52Z", "schema_version": "1.5.0", "id": "MAL-2024-11180", + "aliases": [ + "GHSA-32xm-jpw6-7frx" + ], "summary": "Malicious code in tauri-plugin-autostart-api (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (6d96e58d5724117aaac7e261d5b3d245e09ccbac3872714bb8fa52f4e86f56c9)\nThe OpenSSF Package Analysis project identified 'tauri-plugin-autostart-api' @ 5.3.8 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (b142e694f8cc092c192ccd1c5256735955990e191b4b413415a7304ea45c582c)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (6d96e58d5724117aaac7e261d5b3d245e09ccbac3872714bb8fa52f4e86f56c9)\nThe OpenSSF Package Analysis project identified 'tauri-plugin-autostart-api' @ 5.3.8 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "tauri-plugin-autostart-api" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "5.3.8" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-32xm-jpw6-7frx" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "6d96e58d5724117aaac7e261d5b3d245e09ccbac3872714bb8fa52f4e86f56c9", "import_time": "2024-12-02T11:05:10.528113751Z", "modified_time": "2024-12-01T19:53:52Z", - "sha256": "6d96e58d5724117aaac7e261d5b3d245e09ccbac3872714bb8fa52f4e86f56c9", - "source": "ossf-package-analysis", "versions": [ "5.3.8" ] + }, + { + "source": "ghsa-malware", + "sha256": "b142e694f8cc092c192ccd1c5256735955990e191b4b413415a7304ea45c582c", + "import_time": "2024-12-20T00:32:39.370206719Z", + "id": "GHSA-32xm-jpw6-7frx", + "modified_time": "2024-12-19T11:21:55Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/tc-portal/MAL-0000-ghsa-malware-7aa4df0e0793a036.json b/osv/malicious/npm/tc-portal/MAL-0000-ghsa-malware-7aa4df0e0793a036.json deleted file mode 100644 index 9e4d0ed89..000000000 --- a/osv/malicious/npm/tc-portal/MAL-0000-ghsa-malware-7aa4df0e0793a036.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:54:13Z", - "published": "2024-12-19T11:54:12Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-5x68-frwm-pv8h" - ], - "summary": "Malware in tc-portal", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "tc-portal" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-5x68-frwm-pv8h" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-5x68-frwm-pv8h" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "7aa4df0e0793a036928e9181dd63ce9ef72640ebfe8a24284931247421024729", - "import_time": "2024-12-20T00:32:39.395477828Z", - "id": "GHSA-5x68-frwm-pv8h", - "modified_time": "2024-12-19T11:54:13Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/tc-portal/MAL-2024-11023.json b/osv/malicious/npm/tc-portal/MAL-2024-11023.json index 841a343b1..2e0e258d0 100644 --- a/osv/malicious/npm/tc-portal/MAL-2024-11023.json +++ b/osv/malicious/npm/tc-portal/MAL-2024-11023.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-26T16:27:25Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-11-26T16:27:25Z", "schema_version": "1.5.0", "id": "MAL-2024-11023", + "aliases": [ + "GHSA-5x68-frwm-pv8h" + ], "summary": "Malicious code in tc-portal (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (bf9a439165fd46df78cc4f08bf1cc9e18ebb3291ae581377916806cc15dfffde)\nThe OpenSSF Package Analysis project identified 'tc-portal' @ 15.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (7aa4df0e0793a036928e9181dd63ce9ef72640ebfe8a24284931247421024729)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (bf9a439165fd46df78cc4f08bf1cc9e18ebb3291ae581377916806cc15dfffde)\nThe OpenSSF Package Analysis project identified 'tc-portal' @ 15.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "tc-portal" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "15.0.5" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-5x68-frwm-pv8h" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "bf9a439165fd46df78cc4f08bf1cc9e18ebb3291ae581377916806cc15dfffde", "import_time": "2024-11-27T05:05:55.422199889Z", "modified_time": "2024-11-26T16:27:25Z", - "sha256": "bf9a439165fd46df78cc4f08bf1cc9e18ebb3291ae581377916806cc15dfffde", - "source": "ossf-package-analysis", "versions": [ "15.0.5" ] + }, + { + "source": "ghsa-malware", + "sha256": "7aa4df0e0793a036928e9181dd63ce9ef72640ebfe8a24284931247421024729", + "import_time": "2024-12-20T00:32:39.395477828Z", + "id": "GHSA-5x68-frwm-pv8h", + "modified_time": "2024-12-19T11:54:13Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/template-fullstack/MAL-0000-ghsa-malware-33633d723507a7bd.json b/osv/malicious/npm/template-fullstack/MAL-2024-12044.json similarity index 63% rename from osv/malicious/npm/template-fullstack/MAL-0000-ghsa-malware-33633d723507a7bd.json rename to osv/malicious/npm/template-fullstack/MAL-2024-12044.json index bb3fd9a3c..f01a93e54 100644 --- a/osv/malicious/npm/template-fullstack/MAL-0000-ghsa-malware-33633d723507a7bd.json +++ b/osv/malicious/npm/template-fullstack/MAL-2024-12044.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:31:46Z", "published": "2024-12-19T11:31:46Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12044", "aliases": [ "GHSA-jf99-gwh5-mpqv" ], - "summary": "Malware in template-fullstack", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in template-fullstack (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (33633d723507a7bd9bbcf51856f1bcf071d699040b50df09cdc88b8c343feb36)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-jf99-gwh5-mpqv" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "33633d723507a7bd9bbcf51856f1bcf071d699040b50df09cdc88b8c343feb36", - "import_time": "2024-12-20T00:32:39.472322728Z", "id": "GHSA-jf99-gwh5-mpqv", + "import_time": "2024-12-20T00:32:39.472322728Z", "modified_time": "2024-12-19T11:31:46Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "33633d723507a7bd9bbcf51856f1bcf071d699040b50df09cdc88b8c343feb36", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/testing-bounty123/MAL-0000-ghsa-malware-3baf10e9fd106ea6.json b/osv/malicious/npm/testing-bounty123/MAL-0000-ghsa-malware-3baf10e9fd106ea6.json deleted file mode 100644 index 21877d7d6..000000000 --- a/osv/malicious/npm/testing-bounty123/MAL-0000-ghsa-malware-3baf10e9fd106ea6.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:52:28Z", - "published": "2024-12-19T10:52:27Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-57xf-hc6w-3c89" - ], - "summary": "Malware in testing-bounty123", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "testing-bounty123" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-57xf-hc6w-3c89" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-57xf-hc6w-3c89" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "3baf10e9fd106ea680be856387e7922e4a863a1eaf02c4fab1aaff60e537dfbd", - "import_time": "2024-12-20T00:32:39.391117926Z", - "id": "GHSA-57xf-hc6w-3c89", - "modified_time": "2024-12-19T10:52:28Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/testing-bounty123/MAL-2024-11230.json b/osv/malicious/npm/testing-bounty123/MAL-2024-11230.json index 61b1591a6..cf4a8c7c7 100644 --- a/osv/malicious/npm/testing-bounty123/MAL-2024-11230.json +++ b/osv/malicious/npm/testing-bounty123/MAL-2024-11230.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-07T14:44:51Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-07T14:44:51Z", "schema_version": "1.5.0", "id": "MAL-2024-11230", + "aliases": [ + "GHSA-57xf-hc6w-3c89" + ], "summary": "Malicious code in testing-bounty123 (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (926e15645c1449eb5e61ed34db15d503355e86b6b2be6c784b6c14c5bcc392b5)\nThe OpenSSF Package Analysis project identified 'testing-bounty123' @ 0.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (3baf10e9fd106ea680be856387e7922e4a863a1eaf02c4fab1aaff60e537dfbd)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (926e15645c1449eb5e61ed34db15d503355e86b6b2be6c784b6c14c5bcc392b5)\nThe OpenSSF Package Analysis project identified 'testing-bounty123' @ 0.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "testing-bounty123" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "0.0.1" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-57xf-hc6w-3c89" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "926e15645c1449eb5e61ed34db15d503355e86b6b2be6c784b6c14c5bcc392b5", "import_time": "2024-12-07T15:04:58.338852326Z", "modified_time": "2024-12-07T14:44:51Z", - "sha256": "926e15645c1449eb5e61ed34db15d503355e86b6b2be6c784b6c14c5bcc392b5", - "source": "ossf-package-analysis", "versions": [ "0.0.1" ] + }, + { + "source": "ghsa-malware", + "sha256": "3baf10e9fd106ea680be856387e7922e4a863a1eaf02c4fab1aaff60e537dfbd", + "import_time": "2024-12-20T00:32:39.391117926Z", + "id": "GHSA-57xf-hc6w-3c89", + "modified_time": "2024-12-19T10:52:28Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/tiktok-ui/MAL-0000-ghsa-malware-50583d9b69442a31.json b/osv/malicious/npm/tiktok-ui/MAL-2024-12045.json similarity index 63% rename from osv/malicious/npm/tiktok-ui/MAL-0000-ghsa-malware-50583d9b69442a31.json rename to osv/malicious/npm/tiktok-ui/MAL-2024-12045.json index 730632a1c..e8a46bf13 100644 --- a/osv/malicious/npm/tiktok-ui/MAL-0000-ghsa-malware-50583d9b69442a31.json +++ b/osv/malicious/npm/tiktok-ui/MAL-2024-12045.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:12Z", "published": "2024-12-19T10:56:02Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12045", "aliases": [ "GHSA-9qj9-px3w-6q8h" ], - "summary": "Malware in tiktok-ui", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in tiktok-ui (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (50583d9b69442a311dc38ffa7bb2a8d8f476b282ed859fa472dafd4672205809)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-9qj9-px3w-6q8h" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "50583d9b69442a311dc38ffa7bb2a8d8f476b282ed859fa472dafd4672205809", - "import_time": "2024-12-20T00:32:39.427889344Z", "id": "GHSA-9qj9-px3w-6q8h", + "import_time": "2024-12-20T00:32:39.427889344Z", "modified_time": "2024-12-19T10:56:12Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "50583d9b69442a311dc38ffa7bb2a8d8f476b282ed859fa472dafd4672205809", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/tiktok_embed_v2/MAL-0000-ghsa-malware-cedd877746749d5c.json b/osv/malicious/npm/tiktok_embed_v2/MAL-2024-12046.json similarity index 63% rename from osv/malicious/npm/tiktok_embed_v2/MAL-0000-ghsa-malware-cedd877746749d5c.json rename to osv/malicious/npm/tiktok_embed_v2/MAL-2024-12046.json index 58c18cc9a..1e527e7d2 100644 --- a/osv/malicious/npm/tiktok_embed_v2/MAL-0000-ghsa-malware-cedd877746749d5c.json +++ b/osv/malicious/npm/tiktok_embed_v2/MAL-2024-12046.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:20:18Z", "published": "2024-12-19T13:20:13Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12046", "aliases": [ "GHSA-3cpv-cw63-6mwf" ], - "summary": "Malware in tiktok_embed_v2", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in tiktok_embed_v2 (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (cedd877746749d5c38833b338e2e72d91bc521f21eaa22de4fa05aca509fa7e5)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-3cpv-cw63-6mwf" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "cedd877746749d5c38833b338e2e72d91bc521f21eaa22de4fa05aca509fa7e5", - "import_time": "2024-12-20T00:32:39.375107285Z", "id": "GHSA-3cpv-cw63-6mwf", + "import_time": "2024-12-20T00:32:39.375107285Z", "modified_time": "2024-12-19T13:20:18Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "cedd877746749d5c38833b338e2e72d91bc521f21eaa22de4fa05aca509fa7e5", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/tools_platform/MAL-0000-ghsa-malware-cce108b444c9a36a.json b/osv/malicious/npm/tools_platform/MAL-2024-12047.json similarity index 63% rename from osv/malicious/npm/tools_platform/MAL-0000-ghsa-malware-cce108b444c9a36a.json rename to osv/malicious/npm/tools_platform/MAL-2024-12047.json index 0baef74c8..656a063c8 100644 --- a/osv/malicious/npm/tools_platform/MAL-0000-ghsa-malware-cce108b444c9a36a.json +++ b/osv/malicious/npm/tools_platform/MAL-2024-12047.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:56:02Z", "published": "2024-12-19T10:56:02Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12047", "aliases": [ "GHSA-h6j6-53ff-4fr6" ], - "summary": "Malware in tools_platform", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in tools_platform (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (cce108b444c9a36ad6acda9ea27bf9a2c4ebefee5acf9bec84477f93a1329b04)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-h6j6-53ff-4fr6" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "cce108b444c9a36ad6acda9ea27bf9a2c4ebefee5acf9bec84477f93a1329b04", - "import_time": "2024-12-20T00:32:39.46224694Z", "id": "GHSA-h6j6-53ff-4fr6", + "import_time": "2024-12-20T00:32:39.46224694Z", "modified_time": "2024-12-19T10:56:02Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "cce108b444c9a36ad6acda9ea27bf9a2c4ebefee5acf9bec84477f93a1329b04", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/tournament_service/MAL-0000-ghsa-malware-5a51c146ed2933a7.json b/osv/malicious/npm/tournament_service/MAL-2024-12048.json similarity index 63% rename from osv/malicious/npm/tournament_service/MAL-0000-ghsa-malware-5a51c146ed2933a7.json rename to osv/malicious/npm/tournament_service/MAL-2024-12048.json index e38e63549..14aed3e95 100644 --- a/osv/malicious/npm/tournament_service/MAL-0000-ghsa-malware-5a51c146ed2933a7.json +++ b/osv/malicious/npm/tournament_service/MAL-2024-12048.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:12:45Z", "published": "2024-12-19T11:12:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12048", "aliases": [ "GHSA-jhrm-mcfv-54jq" ], - "summary": "Malware in tournament_service", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in tournament_service (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (5a51c146ed2933a7f62a56c8bcf7aca713a310334900137f2667c9dbafbfb204)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-jhrm-mcfv-54jq" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "5a51c146ed2933a7f62a56c8bcf7aca713a310334900137f2667c9dbafbfb204", - "import_time": "2024-12-20T00:32:39.473112838Z", "id": "GHSA-jhrm-mcfv-54jq", + "import_time": "2024-12-20T00:32:39.473112838Z", "modified_time": "2024-12-19T11:12:45Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "5a51c146ed2933a7f62a56c8bcf7aca713a310334900137f2667c9dbafbfb204", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/uflexreward-api/MAL-0000-ghsa-malware-57620816e143ff26.json b/osv/malicious/npm/uflexreward-api/MAL-2024-12050.json similarity index 63% rename from osv/malicious/npm/uflexreward-api/MAL-0000-ghsa-malware-57620816e143ff26.json rename to osv/malicious/npm/uflexreward-api/MAL-2024-12050.json index 6f1c16b7f..14bd78e1e 100644 --- a/osv/malicious/npm/uflexreward-api/MAL-0000-ghsa-malware-57620816e143ff26.json +++ b/osv/malicious/npm/uflexreward-api/MAL-2024-12050.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:05:54Z", "published": "2024-12-19T11:05:53Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12050", "aliases": [ "GHSA-37mj-rq4j-wcqq" ], - "summary": "Malware in uflexreward-api", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in uflexreward-api (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (57620816e143ff2658a9323cbf5e516cacf63db55bbe14fecdabeafd68bf1d8a)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-37mj-rq4j-wcqq" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "57620816e143ff2658a9323cbf5e516cacf63db55bbe14fecdabeafd68bf1d8a", - "import_time": "2024-12-20T00:32:39.373487985Z", "id": "GHSA-37mj-rq4j-wcqq", + "import_time": "2024-12-20T00:32:39.373487985Z", "modified_time": "2024-12-19T11:05:54Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "57620816e143ff2658a9323cbf5e516cacf63db55bbe14fecdabeafd68bf1d8a", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/uflexreward-core/MAL-0000-ghsa-malware-ab6f3991bf23d78b.json b/osv/malicious/npm/uflexreward-core/MAL-2024-12051.json similarity index 63% rename from osv/malicious/npm/uflexreward-core/MAL-0000-ghsa-malware-ab6f3991bf23d78b.json rename to osv/malicious/npm/uflexreward-core/MAL-2024-12051.json index 82c7fae9d..1c2afcf39 100644 --- a/osv/malicious/npm/uflexreward-core/MAL-0000-ghsa-malware-ab6f3991bf23d78b.json +++ b/osv/malicious/npm/uflexreward-core/MAL-2024-12051.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:05:54Z", "published": "2024-12-19T11:05:53Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12051", "aliases": [ "GHSA-r87h-7hxh-v36m" ], - "summary": "Malware in uflexreward-core", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in uflexreward-core (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (ab6f3991bf23d78bbb66f584b408dc443c00d8dab5a6221ab255911e5c17d058)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-r87h-7hxh-v36m" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "ab6f3991bf23d78bbb66f584b408dc443c00d8dab5a6221ab255911e5c17d058", - "import_time": "2024-12-20T00:32:39.503848752Z", "id": "GHSA-r87h-7hxh-v36m", + "import_time": "2024-12-20T00:32:39.503848752Z", "modified_time": "2024-12-19T11:05:54Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "ab6f3991bf23d78bbb66f584b408dc443c00d8dab5a6221ab255911e5c17d058", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/uflexreward-test/MAL-0000-ghsa-malware-12a03cd0b643eecb.json b/osv/malicious/npm/uflexreward-test/MAL-2024-12052.json similarity index 63% rename from osv/malicious/npm/uflexreward-test/MAL-0000-ghsa-malware-12a03cd0b643eecb.json rename to osv/malicious/npm/uflexreward-test/MAL-2024-12052.json index b184c98f6..b14c16dfe 100644 --- a/osv/malicious/npm/uflexreward-test/MAL-0000-ghsa-malware-12a03cd0b643eecb.json +++ b/osv/malicious/npm/uflexreward-test/MAL-2024-12052.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:05:54Z", "published": "2024-12-19T11:05:53Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12052", "aliases": [ "GHSA-x2h6-3mf2-3gpg" ], - "summary": "Malware in uflexreward-test", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in uflexreward-test (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (12a03cd0b643eecb9171dd74f66e1916442f16b25e64f6652fc489fda6e8fe19)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-x2h6-3mf2-3gpg" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "12a03cd0b643eecb9171dd74f66e1916442f16b25e64f6652fc489fda6e8fe19", - "import_time": "2024-12-20T00:32:39.527747878Z", "id": "GHSA-x2h6-3mf2-3gpg", + "import_time": "2024-12-20T00:32:39.527747878Z", "modified_time": "2024-12-19T11:05:54Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "12a03cd0b643eecb9171dd74f66e1916442f16b25e64f6652fc489fda6e8fe19", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/uflexreward-utils/MAL-0000-ghsa-malware-f7379f8591040c92.json b/osv/malicious/npm/uflexreward-utils/MAL-2024-12053.json similarity index 63% rename from osv/malicious/npm/uflexreward-utils/MAL-0000-ghsa-malware-f7379f8591040c92.json rename to osv/malicious/npm/uflexreward-utils/MAL-2024-12053.json index cc209b461..53477cb24 100644 --- a/osv/malicious/npm/uflexreward-utils/MAL-0000-ghsa-malware-f7379f8591040c92.json +++ b/osv/malicious/npm/uflexreward-utils/MAL-2024-12053.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:05:54Z", "published": "2024-12-19T11:05:53Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12053", "aliases": [ "GHSA-q364-82ch-p234" ], - "summary": "Malware in uflexreward-utils", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in uflexreward-utils (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (f7379f8591040c92a4329b5312d80e8291304a7106cac2b41cb406b21a9e6b4d)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-q364-82ch-p234" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "f7379f8591040c92a4329b5312d80e8291304a7106cac2b41cb406b21a9e6b4d", - "import_time": "2024-12-20T00:32:39.492479552Z", "id": "GHSA-q364-82ch-p234", + "import_time": "2024-12-20T00:32:39.492479552Z", "modified_time": "2024-12-19T11:05:54Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "f7379f8591040c92a4329b5312d80e8291304a7106cac2b41cb406b21a9e6b4d", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/uflexreward/MAL-0000-ghsa-malware-c21575a90acc8da3.json b/osv/malicious/npm/uflexreward/MAL-2024-12049.json similarity index 63% rename from osv/malicious/npm/uflexreward/MAL-0000-ghsa-malware-c21575a90acc8da3.json rename to osv/malicious/npm/uflexreward/MAL-2024-12049.json index 545cf8f09..d53c139a0 100644 --- a/osv/malicious/npm/uflexreward/MAL-0000-ghsa-malware-c21575a90acc8da3.json +++ b/osv/malicious/npm/uflexreward/MAL-2024-12049.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:05:54Z", "published": "2024-12-19T11:05:53Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12049", "aliases": [ "GHSA-hghh-4fv6-h27m" ], - "summary": "Malware in uflexreward", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in uflexreward (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (c21575a90acc8da331ae3405950ef6ddf8c967865884904c66e3735a38c3bbfe)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-hghh-4fv6-h27m" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "c21575a90acc8da331ae3405950ef6ddf8c967865884904c66e3735a38c3bbfe", - "import_time": "2024-12-20T00:32:39.466638352Z", "id": "GHSA-hghh-4fv6-h27m", + "import_time": "2024-12-20T00:32:39.466638352Z", "modified_time": "2024-12-19T11:05:54Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "c21575a90acc8da331ae3405950ef6ddf8c967865884904c66e3735a38c3bbfe", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/uid-2-test-ts/MAL-0000-ghsa-malware-9f2900f53327b861.json b/osv/malicious/npm/uid-2-test-ts/MAL-2024-12054.json similarity index 63% rename from osv/malicious/npm/uid-2-test-ts/MAL-0000-ghsa-malware-9f2900f53327b861.json rename to osv/malicious/npm/uid-2-test-ts/MAL-2024-12054.json index ce98983b5..241970280 100644 --- a/osv/malicious/npm/uid-2-test-ts/MAL-0000-ghsa-malware-9f2900f53327b861.json +++ b/osv/malicious/npm/uid-2-test-ts/MAL-2024-12054.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:54:18Z", "published": "2024-12-19T11:54:12Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12054", "aliases": [ "GHSA-r8rr-6rh8-gpm5" ], - "summary": "Malware in uid-2-test-ts", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in uid-2-test-ts (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (9f2900f53327b861bd4050d2e38c0e867e8ace72a97f5525cb74f56a7af8373e)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-r8rr-6rh8-gpm5" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "9f2900f53327b861bd4050d2e38c0e867e8ace72a97f5525cb74f56a7af8373e", - "import_time": "2024-12-20T00:32:39.504676421Z", "id": "GHSA-r8rr-6rh8-gpm5", + "import_time": "2024-12-20T00:32:39.504676421Z", "modified_time": "2024-12-19T11:54:18Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "9f2900f53327b861bd4050d2e38c0e867e8ace72a97f5525cb74f56a7af8373e", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/uid2-publisher/MAL-0000-ghsa-malware-07aebc5dbf3b61ba.json b/osv/malicious/npm/uid2-publisher/MAL-0000-ghsa-malware-07aebc5dbf3b61ba.json deleted file mode 100644 index 511d6a49c..000000000 --- a/osv/malicious/npm/uid2-publisher/MAL-0000-ghsa-malware-07aebc5dbf3b61ba.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:54:17Z", - "published": "2024-12-19T11:54:12Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-5m6h-9gpv-rfp8" - ], - "summary": "Malware in uid2-publisher", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "uid2-publisher" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-5m6h-9gpv-rfp8" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-5m6h-9gpv-rfp8" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "07aebc5dbf3b61ba90b2d709f5b43ce5a08f773e0eff9ec55029e2c0ea5c027e", - "import_time": "2024-12-20T00:32:39.392876939Z", - "id": "GHSA-5m6h-9gpv-rfp8", - "modified_time": "2024-12-19T11:54:17Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/uid2-publisher/MAL-2024-11024.json b/osv/malicious/npm/uid2-publisher/MAL-2024-11024.json index 6a29a910c..cbffa8c60 100644 --- a/osv/malicious/npm/uid2-publisher/MAL-2024-11024.json +++ b/osv/malicious/npm/uid2-publisher/MAL-2024-11024.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-26T16:33:58Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-11-26T16:33:58Z", "schema_version": "1.5.0", "id": "MAL-2024-11024", + "aliases": [ + "GHSA-5m6h-9gpv-rfp8" + ], "summary": "Malicious code in uid2-publisher (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (7ec08e1dc78b812335d38a0caed956d7ca9b2df970b12b29d46c8619aefbc230)\nThe OpenSSF Package Analysis project identified 'uid2-publisher' @ 15.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (07aebc5dbf3b61ba90b2d709f5b43ce5a08f773e0eff9ec55029e2c0ea5c027e)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (7ec08e1dc78b812335d38a0caed956d7ca9b2df970b12b29d46c8619aefbc230)\nThe OpenSSF Package Analysis project identified 'uid2-publisher' @ 15.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "uid2-publisher" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "15.0.5" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-5m6h-9gpv-rfp8" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "7ec08e1dc78b812335d38a0caed956d7ca9b2df970b12b29d46c8619aefbc230", "import_time": "2024-11-27T05:05:55.539796432Z", "modified_time": "2024-11-26T16:33:58Z", - "sha256": "7ec08e1dc78b812335d38a0caed956d7ca9b2df970b12b29d46c8619aefbc230", - "source": "ossf-package-analysis", "versions": [ "15.0.5" ] + }, + { + "source": "ghsa-malware", + "sha256": "07aebc5dbf3b61ba90b2d709f5b43ce5a08f773e0eff9ec55029e2c0ea5c027e", + "import_time": "2024-12-20T00:32:39.392876939Z", + "id": "GHSA-5m6h-9gpv-rfp8", + "modified_time": "2024-12-19T11:54:17Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/uieyruhen/MAL-0000-ghsa-malware-9bf41327d08044a7.json b/osv/malicious/npm/uieyruhen/MAL-2024-12055.json similarity index 63% rename from osv/malicious/npm/uieyruhen/MAL-0000-ghsa-malware-9bf41327d08044a7.json rename to osv/malicious/npm/uieyruhen/MAL-2024-12055.json index 3e3daba54..1d87f7adf 100644 --- a/osv/malicious/npm/uieyruhen/MAL-0000-ghsa-malware-9bf41327d08044a7.json +++ b/osv/malicious/npm/uieyruhen/MAL-2024-12055.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:04:48Z", "published": "2024-12-19T13:04:42Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12055", "aliases": [ "GHSA-w4w3-39rx-j94q" ], - "summary": "Malware in uieyruhen", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in uieyruhen (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (9bf41327d08044a79de665efb499271f25d43926008abc6c34ca0de6e5827b8f)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-w4w3-39rx-j94q" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "9bf41327d08044a79de665efb499271f25d43926008abc6c34ca0de6e5827b8f", - "import_time": "2024-12-20T00:32:39.516478692Z", "id": "GHSA-w4w3-39rx-j94q", + "import_time": "2024-12-20T00:32:39.516478692Z", "modified_time": "2024-12-19T13:04:48Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "9bf41327d08044a79de665efb499271f25d43926008abc6c34ca0de6e5827b8f", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/uiqweyruhen/MAL-0000-ghsa-malware-7a689bb7cb8496e5.json b/osv/malicious/npm/uiqweyruhen/MAL-2024-12056.json similarity index 63% rename from osv/malicious/npm/uiqweyruhen/MAL-0000-ghsa-malware-7a689bb7cb8496e5.json rename to osv/malicious/npm/uiqweyruhen/MAL-2024-12056.json index dd6e74e6d..87ebab93b 100644 --- a/osv/malicious/npm/uiqweyruhen/MAL-0000-ghsa-malware-7a689bb7cb8496e5.json +++ b/osv/malicious/npm/uiqweyruhen/MAL-2024-12056.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:04:47Z", "published": "2024-12-19T13:04:42Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12056", "aliases": [ "GHSA-qwmw-83wm-q28g" ], - "summary": "Malware in uiqweyruhen", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in uiqweyruhen (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (7a689bb7cb8496e580d7d1b1f103c603686ac7c6ef203bae7bf208b40890fe2f)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-qwmw-83wm-q28g" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "7a689bb7cb8496e580d7d1b1f103c603686ac7c6ef203bae7bf208b40890fe2f", - "import_time": "2024-12-20T00:32:39.501038823Z", "id": "GHSA-qwmw-83wm-q28g", + "import_time": "2024-12-20T00:32:39.501038823Z", "modified_time": "2024-12-19T13:04:47Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "7a689bb7cb8496e580d7d1b1f103c603686ac7c6ef203bae7bf208b40890fe2f", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/upgrade-solara/MAL-0000-ghsa-malware-06786e0684a9afc6.json b/osv/malicious/npm/upgrade-solara/MAL-2024-12057.json similarity index 63% rename from osv/malicious/npm/upgrade-solara/MAL-0000-ghsa-malware-06786e0684a9afc6.json rename to osv/malicious/npm/upgrade-solara/MAL-2024-12057.json index 0525469b7..c8c94cb74 100644 --- a/osv/malicious/npm/upgrade-solara/MAL-0000-ghsa-malware-06786e0684a9afc6.json +++ b/osv/malicious/npm/upgrade-solara/MAL-2024-12057.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:42:01Z", "published": "2024-12-19T10:42:01Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12057", "aliases": [ "GHSA-f6wx-5vj4-598v" ], - "summary": "Malware in upgrade-solara", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in upgrade-solara (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (06786e0684a9afc602c99f62a977e170fc435947a63896cfd50abc00997f7b63)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-f6wx-5vj4-598v" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "06786e0684a9afc602c99f62a977e170fc435947a63896cfd50abc00997f7b63", - "import_time": "2024-12-20T00:32:39.442134903Z", "id": "GHSA-f6wx-5vj4-598v", + "import_time": "2024-12-20T00:32:39.442134903Z", "modified_time": "2024-12-19T10:42:01Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "06786e0684a9afc602c99f62a977e170fc435947a63896cfd50abc00997f7b63", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/upload-artifact/MAL-0000-ghsa-malware-9241c352df8001e3.json b/osv/malicious/npm/upload-artifact/MAL-2024-12058.json similarity index 63% rename from osv/malicious/npm/upload-artifact/MAL-0000-ghsa-malware-9241c352df8001e3.json rename to osv/malicious/npm/upload-artifact/MAL-2024-12058.json index 280d8bcaa..adb212645 100644 --- a/osv/malicious/npm/upload-artifact/MAL-0000-ghsa-malware-9241c352df8001e3.json +++ b/osv/malicious/npm/upload-artifact/MAL-2024-12058.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T09:55:13Z", "published": "2024-12-19T09:55:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12058", "aliases": [ "GHSA-6794-p38q-68j9" ], - "summary": "Malware in upload-artifact", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in upload-artifact (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (9241c352df8001e364da964a6123f4cefa259415eefa70930aef98fe673a3202)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-6794-p38q-68j9" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "9241c352df8001e364da964a6123f4cefa259415eefa70930aef98fe673a3202", - "import_time": "2024-12-20T00:32:39.397787075Z", "id": "GHSA-6794-p38q-68j9", + "import_time": "2024-12-20T00:32:39.397787075Z", "modified_time": "2024-12-19T09:55:13Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "9241c352df8001e364da964a6123f4cefa259415eefa70930aef98fe673a3202", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/usdc.js/MAL-0000-ghsa-malware-8c87f8dca2d6eefc.json b/osv/malicious/npm/usdc.js/MAL-0000-ghsa-malware-8c87f8dca2d6eefc.json deleted file mode 100644 index 4393d5626..000000000 --- a/osv/malicious/npm/usdc.js/MAL-0000-ghsa-malware-8c87f8dca2d6eefc.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T10:52:28Z", - "published": "2024-12-19T10:52:27Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-g378-7q3m-xhjh" - ], - "summary": "Malware in usdc.js", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "usdc.js" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-g378-7q3m-xhjh" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-g378-7q3m-xhjh" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "8c87f8dca2d6eefcdbdec42cfba8e7b187195b7531d277735a9e255911fc1e3e", - "import_time": "2024-12-20T00:32:39.451001784Z", - "id": "GHSA-g378-7q3m-xhjh", - "modified_time": "2024-12-19T10:52:28Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/usdc.js/MAL-2024-11223.json b/osv/malicious/npm/usdc.js/MAL-2024-11223.json index 73e4aaf55..69762508a 100644 --- a/osv/malicious/npm/usdc.js/MAL-2024-11223.json +++ b/osv/malicious/npm/usdc.js/MAL-2024-11223.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-07T06:03:28Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-07T06:03:28Z", "schema_version": "1.5.0", "id": "MAL-2024-11223", + "aliases": [ + "GHSA-g378-7q3m-xhjh" + ], "summary": "Malicious code in usdc.js (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (0770246fe6b20449133e44cbfdfe865f337f2bab8702567eaf390c228d84bc8e)\nThe OpenSSF Package Analysis project identified 'usdc.js' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (8c87f8dca2d6eefcdbdec42cfba8e7b187195b7531d277735a9e255911fc1e3e)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (0770246fe6b20449133e44cbfdfe865f337f2bab8702567eaf390c228d84bc8e)\nThe OpenSSF Package Analysis project identified 'usdc.js' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "usdc.js" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.0.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-g378-7q3m-xhjh" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "0770246fe6b20449133e44cbfdfe865f337f2bab8702567eaf390c228d84bc8e", "import_time": "2024-12-07T06:06:49.11476382Z", "modified_time": "2024-12-07T06:03:28Z", - "sha256": "0770246fe6b20449133e44cbfdfe865f337f2bab8702567eaf390c228d84bc8e", - "source": "ossf-package-analysis", "versions": [ "1.0.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "8c87f8dca2d6eefcdbdec42cfba8e7b187195b7531d277735a9e255911fc1e3e", + "import_time": "2024-12-20T00:32:39.451001784Z", + "id": "GHSA-g378-7q3m-xhjh", + "modified_time": "2024-12-19T10:52:28Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/vintage-poc/MAL-0000-ghsa-malware-63f6bc17c1c01e6f.json b/osv/malicious/npm/vintage-poc/MAL-2024-12059.json similarity index 63% rename from osv/malicious/npm/vintage-poc/MAL-0000-ghsa-malware-63f6bc17c1c01e6f.json rename to osv/malicious/npm/vintage-poc/MAL-2024-12059.json index b20e50c2c..bdbd23535 100644 --- a/osv/malicious/npm/vintage-poc/MAL-0000-ghsa-malware-63f6bc17c1c01e6f.json +++ b/osv/malicious/npm/vintage-poc/MAL-2024-12059.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:45:42Z", "published": "2024-12-19T11:45:37Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12059", "aliases": [ "GHSA-fv69-j9rq-qjww" ], - "summary": "Malware in vintage-poc", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in vintage-poc (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (63f6bc17c1c01e6f49a004e5384314cbf05ad37d339d259358798671c386b601)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-fv69-j9rq-qjww" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "63f6bc17c1c01e6f49a004e5384314cbf05ad37d339d259358798671c386b601", - "import_time": "2024-12-20T00:32:39.44730322Z", "id": "GHSA-fv69-j9rq-qjww", + "import_time": "2024-12-20T00:32:39.44730322Z", "modified_time": "2024-12-19T11:45:42Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "63f6bc17c1c01e6f49a004e5384314cbf05ad37d339d259358798671c386b601", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/vite-plugin-unus-api-register/MAL-0000-ghsa-malware-c79ccf9234ae6ea6.json b/osv/malicious/npm/vite-plugin-unus-api-register/MAL-0000-ghsa-malware-c79ccf9234ae6ea6.json deleted file mode 100644 index d5592fe20..000000000 --- a/osv/malicious/npm/vite-plugin-unus-api-register/MAL-0000-ghsa-malware-c79ccf9234ae6ea6.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T13:15:13Z", - "published": "2024-12-19T13:15:09Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-vcc7-qj7h-4hp4" - ], - "summary": "Malware in vite-plugin-unus-api-register", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "vite-plugin-unus-api-register" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-vcc7-qj7h-4hp4" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-vcc7-qj7h-4hp4" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "c79ccf9234ae6ea621dca31ab486d57d162d4c344342f26de0924579cb3b2d68", - "import_time": "2024-12-20T00:32:39.511933384Z", - "id": "GHSA-vcc7-qj7h-4hp4", - "modified_time": "2024-12-19T13:15:13Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/vite-plugin-unus-api-register/MAL-2024-10875.json b/osv/malicious/npm/vite-plugin-unus-api-register/MAL-2024-10875.json index 966096d08..3b358382d 100644 --- a/osv/malicious/npm/vite-plugin-unus-api-register/MAL-2024-10875.json +++ b/osv/malicious/npm/vite-plugin-unus-api-register/MAL-2024-10875.json @@ -1,19 +1,47 @@ { - "modified": "2024-11-21T20:24:52Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-11-21T20:24:52Z", "schema_version": "1.5.0", "id": "MAL-2024-10875", + "aliases": [ + "GHSA-vcc7-qj7h-4hp4" + ], "summary": "Malicious code in vite-plugin-unus-api-register (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (6cbf2cf83d8f00986eaa1777e8d26cfea1a79007320ea03c06622afb78f2e0cc)\nThe OpenSSF Package Analysis project identified 'vite-plugin-unus-api-register' @ 6.2.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (c79ccf9234ae6ea621dca31ab486d57d162d4c344342f26de0924579cb3b2d68)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (6cbf2cf83d8f00986eaa1777e8d26cfea1a79007320ea03c06622afb78f2e0cc)\nThe OpenSSF Package Analysis project identified 'vite-plugin-unus-api-register' @ 6.2.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "vite-plugin-unus-api-register" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "6.2.3" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-vcc7-qj7h-4hp4" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "6cbf2cf83d8f00986eaa1777e8d26cfea1a79007320ea03c06622afb78f2e0cc", "import_time": "2024-11-21T23:05:43.562051732Z", "modified_time": "2024-11-21T20:24:52Z", - "sha256": "6cbf2cf83d8f00986eaa1777e8d26cfea1a79007320ea03c06622afb78f2e0cc", - "source": "ossf-package-analysis", "versions": [ "6.2.3" ] + }, + { + "source": "ghsa-malware", + "sha256": "c79ccf9234ae6ea621dca31ab486d57d162d4c344342f26de0924579cb3b2d68", + "import_time": "2024-12-20T00:32:39.511933384Z", + "id": "GHSA-vcc7-qj7h-4hp4", + "modified_time": "2024-12-19T13:15:13Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/vue-midata/MAL-0000-ghsa-malware-fc06ec1e2eb7c0a1.json b/osv/malicious/npm/vue-midata/MAL-0000-ghsa-malware-fc06ec1e2eb7c0a1.json deleted file mode 100644 index 719562821..000000000 --- a/osv/malicious/npm/vue-midata/MAL-0000-ghsa-malware-fc06ec1e2eb7c0a1.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T11:46:17Z", - "published": "2024-12-19T11:46:12Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-p7cf-mj2q-fwrg" - ], - "summary": "Malware in vue-midata", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "vue-midata" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-p7cf-mj2q-fwrg" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-p7cf-mj2q-fwrg" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "fc06ec1e2eb7c0a1bd2a27e81568ad8ee48c80f63b74284118e768a9740222e2", - "import_time": "2024-12-20T00:32:39.485232685Z", - "id": "GHSA-p7cf-mj2q-fwrg", - "modified_time": "2024-12-19T11:46:17Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/vue-midata/MAL-2024-11190.json b/osv/malicious/npm/vue-midata/MAL-2024-11190.json index f445cef36..72fa78b81 100644 --- a/osv/malicious/npm/vue-midata/MAL-2024-11190.json +++ b/osv/malicious/npm/vue-midata/MAL-2024-11190.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-04T11:57:41Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-04T11:57:41Z", "schema_version": "1.5.0", "id": "MAL-2024-11190", + "aliases": [ + "GHSA-p7cf-mj2q-fwrg" + ], "summary": "Malicious code in vue-midata (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (6340c3bf444c290ca7b34419aa19e45b13aed58403d403bc672fd056c99e70e0)\nThe OpenSSF Package Analysis project identified 'vue-midata' @ 9.5.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (fc06ec1e2eb7c0a1bd2a27e81568ad8ee48c80f63b74284118e768a9740222e2)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (6340c3bf444c290ca7b34419aa19e45b13aed58403d403bc672fd056c99e70e0)\nThe OpenSSF Package Analysis project identified 'vue-midata' @ 9.5.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "vue-midata" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "9.5.2" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-p7cf-mj2q-fwrg" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "6340c3bf444c290ca7b34419aa19e45b13aed58403d403bc672fd056c99e70e0", "import_time": "2024-12-05T00:22:59.37856147Z", "modified_time": "2024-12-04T11:57:41Z", - "sha256": "6340c3bf444c290ca7b34419aa19e45b13aed58403d403bc672fd056c99e70e0", - "source": "ossf-package-analysis", "versions": [ "9.5.2" ] + }, + { + "source": "ghsa-malware", + "sha256": "fc06ec1e2eb7c0a1bd2a27e81568ad8ee48c80f63b74284118e768a9740222e2", + "import_time": "2024-12-20T00:32:39.485232685Z", + "id": "GHSA-p7cf-mj2q-fwrg", + "modified_time": "2024-12-19T11:46:17Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/web-app-search/MAL-0000-ghsa-malware-ec79d580d43f835f.json b/osv/malicious/npm/web-app-search/MAL-0000-ghsa-malware-ec79d580d43f835f.json deleted file mode 100644 index 24677d373..000000000 --- a/osv/malicious/npm/web-app-search/MAL-0000-ghsa-malware-ec79d580d43f835f.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T12:52:12Z", - "published": "2024-12-19T12:52:11Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-gjhv-mcr4-5jx9" - ], - "summary": "Malware in web-app-search", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "web-app-search" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-gjhv-mcr4-5jx9" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-gjhv-mcr4-5jx9" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "ec79d580d43f835fcecc4698a0de40fde087ff79c80f5941edc641892528eb16", - "import_time": "2024-12-20T00:32:39.456079194Z", - "id": "GHSA-gjhv-mcr4-5jx9", - "modified_time": "2024-12-19T12:52:12Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/web-app-search/MAL-2024-11788.json b/osv/malicious/npm/web-app-search/MAL-2024-11788.json index 1ffcdce73..4e9766278 100644 --- a/osv/malicious/npm/web-app-search/MAL-2024-11788.json +++ b/osv/malicious/npm/web-app-search/MAL-2024-11788.json @@ -1,19 +1,47 @@ { - "modified": "2024-12-12T05:23:52Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-12T05:23:52Z", "schema_version": "1.5.0", "id": "MAL-2024-11788", + "aliases": [ + "GHSA-gjhv-mcr4-5jx9" + ], "summary": "Malicious code in web-app-search (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (87577d2bc5ebab2701fae258286f1712213d0a17f62420a7cc32228f120a4ca2)\nThe OpenSSF Package Analysis project identified 'web-app-search' @ 9.9.12 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (ec79d580d43f835fcecc4698a0de40fde087ff79c80f5941edc641892528eb16)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (87577d2bc5ebab2701fae258286f1712213d0a17f62420a7cc32228f120a4ca2)\nThe OpenSSF Package Analysis project identified 'web-app-search' @ 9.9.12 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "web-app-search" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "9.9.12" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-gjhv-mcr4-5jx9" } ], "credits": [ @@ -29,13 +57,30 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "87577d2bc5ebab2701fae258286f1712213d0a17f62420a7cc32228f120a4ca2", "import_time": "2024-12-12T05:37:09.346420159Z", "modified_time": "2024-12-12T05:23:52Z", - "sha256": "87577d2bc5ebab2701fae258286f1712213d0a17f62420a7cc32228f120a4ca2", - "source": "ossf-package-analysis", "versions": [ "9.9.12" ] + }, + { + "source": "ghsa-malware", + "sha256": "ec79d580d43f835fcecc4698a0de40fde087ff79c80f5941edc641892528eb16", + "import_time": "2024-12-20T00:32:39.456079194Z", + "id": "GHSA-gjhv-mcr4-5jx9", + "modified_time": "2024-12-19T12:52:12Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] } diff --git a/osv/malicious/npm/woodpecker-ci/MAL-0000-ghsa-malware-cff5749234f2b259.json b/osv/malicious/npm/woodpecker-ci/MAL-2024-12060.json similarity index 63% rename from osv/malicious/npm/woodpecker-ci/MAL-0000-ghsa-malware-cff5749234f2b259.json rename to osv/malicious/npm/woodpecker-ci/MAL-2024-12060.json index 71da91eb8..15644025a 100644 --- a/osv/malicious/npm/woodpecker-ci/MAL-0000-ghsa-malware-cff5749234f2b259.json +++ b/osv/malicious/npm/woodpecker-ci/MAL-2024-12060.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:13:20Z", "published": "2024-12-19T11:13:19Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12060", "aliases": [ "GHSA-jmhp-jxfr-wr87" ], - "summary": "Malware in woodpecker-ci", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in woodpecker-ci (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (cff5749234f2b25995b0c9e8c5b6baa0434340fe0646aa21e19eef1e6612812a)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-jmhp-jxfr-wr87" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "cff5749234f2b25995b0c9e8c5b6baa0434340fe0646aa21e19eef1e6612812a", - "import_time": "2024-12-20T00:32:39.473862834Z", "id": "GHSA-jmhp-jxfr-wr87", + "import_time": "2024-12-20T00:32:39.473862834Z", "modified_time": "2024-12-19T11:13:20Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "cff5749234f2b25995b0c9e8c5b6baa0434340fe0646aa21e19eef1e6612812a", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/xeno-api/MAL-0000-ghsa-malware-388f6e19c676bafc.json b/osv/malicious/npm/xeno-api/MAL-2024-12061.json similarity index 63% rename from osv/malicious/npm/xeno-api/MAL-0000-ghsa-malware-388f6e19c676bafc.json rename to osv/malicious/npm/xeno-api/MAL-2024-12061.json index ef940d755..a6b3e4ade 100644 --- a/osv/malicious/npm/xeno-api/MAL-0000-ghsa-malware-388f6e19c676bafc.json +++ b/osv/malicious/npm/xeno-api/MAL-2024-12061.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T10:42:06Z", "published": "2024-12-19T10:42:01Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12061", "aliases": [ "GHSA-7wr2-mrx6-6ph4" ], - "summary": "Malware in xeno-api", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in xeno-api (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (388f6e19c676bafc11f44e7609b56a922f80263a992ec95da08a18901aae51e6)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-7wr2-mrx6-6ph4" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "388f6e19c676bafc11f44e7609b56a922f80263a992ec95da08a18901aae51e6", - "import_time": "2024-12-20T00:32:39.408331841Z", "id": "GHSA-7wr2-mrx6-6ph4", + "import_time": "2024-12-20T00:32:39.408331841Z", "modified_time": "2024-12-19T10:42:06Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "388f6e19c676bafc11f44e7609b56a922f80263a992ec95da08a18901aae51e6", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/xrp_set_dest_tag/MAL-0000-ghsa-malware-9a8c9b7e60ff94bd.json b/osv/malicious/npm/xrp_set_dest_tag/MAL-2024-12062.json similarity index 63% rename from osv/malicious/npm/xrp_set_dest_tag/MAL-0000-ghsa-malware-9a8c9b7e60ff94bd.json rename to osv/malicious/npm/xrp_set_dest_tag/MAL-2024-12062.json index 92b5f715d..af217862b 100644 --- a/osv/malicious/npm/xrp_set_dest_tag/MAL-0000-ghsa-malware-9a8c9b7e60ff94bd.json +++ b/osv/malicious/npm/xrp_set_dest_tag/MAL-2024-12062.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:12:45Z", "published": "2024-12-19T11:12:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12062", "aliases": [ "GHSA-mp59-r23r-pghr" ], - "summary": "Malware in xrp_set_dest_tag", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in xrp_set_dest_tag (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (9a8c9b7e60ff94bd3d484c6d240fc5c7a79605e80eed354011da5b94c7263b74)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-mp59-r23r-pghr" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "9a8c9b7e60ff94bd3d484c6d240fc5c7a79605e80eed354011da5b94c7263b74", - "import_time": "2024-12-20T00:32:39.481035766Z", "id": "GHSA-mp59-r23r-pghr", + "import_time": "2024-12-20T00:32:39.481035766Z", "modified_time": "2024-12-19T11:12:45Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "9a8c9b7e60ff94bd3d484c6d240fc5c7a79605e80eed354011da5b94c7263b74", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/yapi-to-dts/MAL-0000-ghsa-malware-19ac9578e805bf62.json b/osv/malicious/npm/yapi-to-dts/MAL-2024-12063.json similarity index 63% rename from osv/malicious/npm/yapi-to-dts/MAL-0000-ghsa-malware-19ac9578e805bf62.json rename to osv/malicious/npm/yapi-to-dts/MAL-2024-12063.json index 6fde15004..be12a4061 100644 --- a/osv/malicious/npm/yapi-to-dts/MAL-0000-ghsa-malware-19ac9578e805bf62.json +++ b/osv/malicious/npm/yapi-to-dts/MAL-2024-12063.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:15:09Z", "published": "2024-12-19T13:15:09Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12063", "aliases": [ "GHSA-qmr2-p6pw-6mh5" ], - "summary": "Malware in yapi-to-dts", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in yapi-to-dts (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (19ac9578e805bf62c4ef65a0db4a50d37e5fa4953caa1e4774265c4f5d86277a)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-qmr2-p6pw-6mh5" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "19ac9578e805bf62c4ef65a0db4a50d37e5fa4953caa1e4774265c4f5d86277a", - "import_time": "2024-12-20T00:32:39.498115075Z", "id": "GHSA-qmr2-p6pw-6mh5", + "import_time": "2024-12-20T00:32:39.498115075Z", "modified_time": "2024-12-19T13:15:09Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "19ac9578e805bf62c4ef65a0db4a50d37e5fa4953caa1e4774265c4f5d86277a", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/yb-animations/MAL-0000-ghsa-malware-c86c332acd193624.json b/osv/malicious/npm/yb-animations/MAL-2024-12064.json similarity index 63% rename from osv/malicious/npm/yb-animations/MAL-0000-ghsa-malware-c86c332acd193624.json rename to osv/malicious/npm/yb-animations/MAL-2024-12064.json index 57ffb5d6c..79fd4304f 100644 --- a/osv/malicious/npm/yb-animations/MAL-0000-ghsa-malware-c86c332acd193624.json +++ b/osv/malicious/npm/yb-animations/MAL-2024-12064.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T11:15:44Z", "published": "2024-12-19T11:15:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12064", "aliases": [ "GHSA-53x8-gjg9-3582" ], - "summary": "Malware in yb-animations", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in yb-animations (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (c86c332acd1936241eee17e035837aed607d37df7788f522324d4ffca58411ac)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-53x8-gjg9-3582" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "c86c332acd1936241eee17e035837aed607d37df7788f522324d4ffca58411ac", - "import_time": "2024-12-20T00:32:39.388621721Z", "id": "GHSA-53x8-gjg9-3582", + "import_time": "2024-12-20T00:32:39.388621721Z", "modified_time": "2024-12-19T11:15:44Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "c86c332acd1936241eee17e035837aed607d37df7788f522324d4ffca58411ac", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/zap_contracts/MAL-0000-ghsa-malware-063e3a8cd4df1cbe.json b/osv/malicious/npm/zap_contracts/MAL-2024-12065.json similarity index 63% rename from osv/malicious/npm/zap_contracts/MAL-0000-ghsa-malware-063e3a8cd4df1cbe.json rename to osv/malicious/npm/zap_contracts/MAL-2024-12065.json index a4aee9c56..92cb8ddb5 100644 --- a/osv/malicious/npm/zap_contracts/MAL-0000-ghsa-malware-063e3a8cd4df1cbe.json +++ b/osv/malicious/npm/zap_contracts/MAL-2024-12065.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:17:14Z", "published": "2024-12-19T13:17:14Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12065", "aliases": [ "GHSA-3vx9-c4r7-qc8x" ], - "summary": "Malware in zap_contracts", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in zap_contracts (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (063e3a8cd4df1cbe8d271d03490b9f7dd78cbeda98767caf294735ff4cacef75)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-3vx9-c4r7-qc8x" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "063e3a8cd4df1cbe8d271d03490b9f7dd78cbeda98767caf294735ff4cacef75", - "import_time": "2024-12-20T00:32:39.377871067Z", "id": "GHSA-3vx9-c4r7-qc8x", + "import_time": "2024-12-20T00:32:39.377871067Z", "modified_time": "2024-12-19T13:17:14Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "063e3a8cd4df1cbe8d271d03490b9f7dd78cbeda98767caf294735ff4cacef75", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/zarf-ui/MAL-0000-ghsa-malware-8697bcf4cd06bebd.json b/osv/malicious/npm/zarf-ui/MAL-2024-12066.json similarity index 63% rename from osv/malicious/npm/zarf-ui/MAL-0000-ghsa-malware-8697bcf4cd06bebd.json rename to osv/malicious/npm/zarf-ui/MAL-2024-12066.json index e1cfb2632..ee8760b1e 100644 --- a/osv/malicious/npm/zarf-ui/MAL-0000-ghsa-malware-8697bcf4cd06bebd.json +++ b/osv/malicious/npm/zarf-ui/MAL-2024-12066.json @@ -2,12 +2,12 @@ "modified": "2024-12-19T13:14:03Z", "published": "2024-12-19T13:13:58Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12066", "aliases": [ "GHSA-jxmj-fqq2-xwwp" ], - "summary": "Malware in zarf-ui", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", + "summary": "Malicious code in zarf-ui (npm)", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (8697bcf4cd06bebdca6e5806069048fc48ce173a5deb372b5992e95df3e0103a)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n", "affected": [ { "package": { @@ -31,8 +31,7 @@ "description": "The product contains code that appears to be malicious in nature.", "name": "Embedded Malicious Code" } - ], - "ghsa": "https://github.com/advisories/GHSA-jxmj-fqq2-xwwp" + ] } } ], @@ -45,21 +44,21 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ghsa-malware", - "sha256": "8697bcf4cd06bebdca6e5806069048fc48ce173a5deb372b5992e95df3e0103a", - "import_time": "2024-12-20T00:32:39.477167944Z", "id": "GHSA-jxmj-fqq2-xwwp", + "import_time": "2024-12-20T00:32:39.477167944Z", "modified_time": "2024-12-19T13:14:03Z", "ranges": [ { - "type": "SEMVER", "events": [ { "introduced": "0" } - ] + ], + "type": "SEMVER" } - ] + ], + "sha256": "8697bcf4cd06bebdca6e5806069048fc48ce173a5deb372b5992e95df3e0103a", + "source": "ghsa-malware" } ] } diff --git a/osv/malicious/npm/zkonmina/MAL-0000-ghsa-malware-a74c40ef671e2fb9.json b/osv/malicious/npm/zkonmina/MAL-0000-ghsa-malware-a74c40ef671e2fb9.json deleted file mode 100644 index da581ff9f..000000000 --- a/osv/malicious/npm/zkonmina/MAL-0000-ghsa-malware-a74c40ef671e2fb9.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "modified": "2024-12-19T12:04:19Z", - "published": "2024-12-19T12:04:18Z", - "schema_version": "1.5.0", - "id": "", - "aliases": [ - "GHSA-mcw3-hhq8-r888" - ], - "summary": "Malware in zkonmina", - "details": "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "zkonmina" - }, - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "database_specific": { - "cwes": [ - { - "cweId": "CWE-506", - "description": "The product contains code that appears to be malicious in nature.", - "name": "Embedded Malicious Code" - } - ], - "ghsa": "https://github.com/advisories/GHSA-mcw3-hhq8-r888" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/advisories/GHSA-mcw3-hhq8-r888" - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ghsa-malware", - "sha256": "a74c40ef671e2fb9d5956f1fd7f022e0dd1ca0f1da3602a687e9172cc4280fcc", - "import_time": "2024-12-20T00:32:39.479220839Z", - "id": "GHSA-mcw3-hhq8-r888", - "modified_time": "2024-12-19T12:04:19Z", - "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "0" - } - ] - } - ] - } - ] - } -} diff --git a/osv/malicious/npm/zkonmina/MAL-2024-11232.json b/osv/malicious/npm/zkonmina/MAL-2024-11232.json index 41d088c69..161312cb2 100644 --- a/osv/malicious/npm/zkonmina/MAL-2024-11232.json +++ b/osv/malicious/npm/zkonmina/MAL-2024-11232.json @@ -1,21 +1,49 @@ { - "modified": "2024-12-07T16:38:46Z", + "modified": "2024-12-20T00:33:13Z", "published": "2024-12-07T16:00:25Z", "schema_version": "1.5.0", "id": "MAL-2024-11232", + "aliases": [ + "GHSA-mcw3-hhq8-r888" + ], "summary": "Malicious code in zkonmina (npm)", - "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (46d2dba3a5b49147baa3f4ce99ad78280fee08d0831d5131f4ce0cb6abd3ba6a)\nThe OpenSSF Package Analysis project identified 'zkonmina' @ 1.5.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (a74c40ef671e2fb9d5956f1fd7f022e0dd1ca0f1da3602a687e9172cc4280fcc)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (46d2dba3a5b49147baa3f4ce99ad78280fee08d0831d5131f4ce0cb6abd3ba6a)\nThe OpenSSF Package Analysis project identified 'zkonmina' @ 1.5.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { "ecosystem": "npm", "name": "zkonmina" }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], "versions": [ "1.5.0", "2.0.0", "1.7.0" - ] + ], + "database_specific": { + "cwes": [ + { + "cweId": "CWE-506", + "description": "The product contains code that appears to be malicious in nature.", + "name": "Embedded Malicious Code" + } + ] + } + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-mcw3-hhq8-r888" } ], "credits": [ @@ -56,6 +84,23 @@ "versions": [ "1.7.0" ] + }, + { + "source": "ghsa-malware", + "sha256": "a74c40ef671e2fb9d5956f1fd7f022e0dd1ca0f1da3602a687e9172cc4280fcc", + "import_time": "2024-12-20T00:32:39.479220839Z", + "id": "GHSA-mcw3-hhq8-r888", + "modified_time": "2024-12-19T12:04:19Z", + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ] }