From 74e84ab5261f6802c1533ce72e5d377b4db90847 Mon Sep 17 00:00:00 2001 From: github-actions Date: Sat, 21 Dec 2024 10:05:53 +0000 Subject: [PATCH] Assign IDs --- osv/malicious/.id-allocator | 2 +- ...ssf-package-analysis-20d6b8df49c8a196.json | 42 ------------------- ...ssf-package-analysis-24334b1015df570a.json | 42 ------------------- .../MAL-2024-12067.json | 28 +++++++++++-- ...ssf-package-analysis-0a76c2ee75baa7c3.json | 42 ------------------- .../MAL-2024-11918.json | 14 ++++++- ...cccaa0f154234.json => MAL-2024-12088.json} | 8 ++-- 7 files changed, 41 insertions(+), 137 deletions(-) delete mode 100644 osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-20d6b8df49c8a196.json delete mode 100644 osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-24334b1015df570a.json delete mode 100644 osv/malicious/npm/auto-assign-team-actionn/MAL-0000-ossf-package-analysis-0a76c2ee75baa7c3.json rename osv/malicious/npm/cosmos-hub-docs-site/{MAL-0000-ossf-package-analysis-a34cccaa0f154234.json => MAL-2024-12088.json} (69%) diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator index 3c307b2ad..1f561189f 100644 --- a/osv/malicious/.id-allocator +++ b/osv/malicious/.id-allocator @@ -1 +1 @@ -18857d41489cc6e97bf8d5b15bb47f5e83f060d372443b325440b3ee93fd7946 \ No newline at end of file +e28af2a36c32f12d5f166b13f0daf723b77b80b1500dcbf83e2f737ef118f1c1 \ No newline at end of file diff --git a/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-20d6b8df49c8a196.json b/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-20d6b8df49c8a196.json deleted file mode 100644 index 9d8065a45..000000000 --- a/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-20d6b8df49c8a196.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "modified": "2024-12-21T09:50:39Z", - "published": "2024-12-21T09:50:39Z", - "schema_version": "1.5.0", - "id": "", - "summary": "Malicious code in aauto-assign-team-action (npm)", - "details": "The OpenSSF Package Analysis project identified 'aauto-assign-team-action' @ 0.1.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "aauto-assign-team-action" - }, - "versions": [ - "0.1.1" - ] - } - ], - "credits": [ - { - "name": "OpenSSF: Package Analysis", - "type": "FINDER", - "contact": [ - "https://github.com/ossf/package-analysis", - "https://openssf.slack.com/channels/package_analysis" - ] - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ossf-package-analysis", - "sha256": "20d6b8df49c8a196bdddfe3670a09617033a86639fe61a4a191ae4f3dc926715", - "import_time": "2024-12-21T10:05:14.646637162Z", - "modified_time": "2024-12-21T09:50:39Z", - "versions": [ - "0.1.1" - ] - } - ] - } -} diff --git a/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-24334b1015df570a.json b/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-24334b1015df570a.json deleted file mode 100644 index 05a6bd507..000000000 --- a/osv/malicious/npm/aauto-assign-team-action/MAL-0000-ossf-package-analysis-24334b1015df570a.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "modified": "2024-12-21T09:47:36Z", - "published": "2024-12-21T09:47:36Z", - "schema_version": "1.5.0", - "id": "", - "summary": "Malicious code in aauto-assign-team-action (npm)", - "details": "The OpenSSF Package Analysis project identified 'aauto-assign-team-action' @ 0.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "aauto-assign-team-action" - }, - "versions": [ - "0.1.0" - ] - } - ], - "credits": [ - { - "name": "OpenSSF: Package Analysis", - "type": "FINDER", - "contact": [ - "https://github.com/ossf/package-analysis", - "https://openssf.slack.com/channels/package_analysis" - ] - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ossf-package-analysis", - "sha256": "24334b1015df570a4828e5982d0285375f64bb4a889f3c54431ba385b54f0a27", - "import_time": "2024-12-21T10:05:14.569236354Z", - "modified_time": "2024-12-21T09:47:36Z", - "versions": [ - "0.1.0" - ] - } - ] - } -} diff --git a/osv/malicious/npm/aauto-assign-team-action/MAL-2024-12067.json b/osv/malicious/npm/aauto-assign-team-action/MAL-2024-12067.json index 10dcb54ad..118d5a85c 100644 --- a/osv/malicious/npm/aauto-assign-team-action/MAL-2024-12067.json +++ b/osv/malicious/npm/aauto-assign-team-action/MAL-2024-12067.json @@ -1,5 +1,5 @@ { - "modified": "2024-12-20T06:15:47Z", + "modified": "2024-12-21T10:05:39Z", "published": "2024-12-20T06:15:47Z", "schema_version": "1.5.0", "id": "MAL-2024-12067", @@ -12,7 +12,9 @@ "name": "aauto-assign-team-action" }, "versions": [ - "0.0.9" + "0.0.9", + "0.1.1", + "0.1.0" ] } ], @@ -29,13 +31,31 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "7a1940e473e85340855b988ae41ca9c65a1c1e2ee81c63e96329b35b605b6405", "import_time": "2024-12-20T06:39:10.132969996Z", "modified_time": "2024-12-20T06:15:47Z", - "sha256": "7a1940e473e85340855b988ae41ca9c65a1c1e2ee81c63e96329b35b605b6405", - "source": "ossf-package-analysis", "versions": [ "0.0.9" ] + }, + { + "source": "ossf-package-analysis", + "sha256": "20d6b8df49c8a196bdddfe3670a09617033a86639fe61a4a191ae4f3dc926715", + "import_time": "2024-12-21T10:05:14.646637162Z", + "modified_time": "2024-12-21T09:50:39Z", + "versions": [ + "0.1.1" + ] + }, + { + "source": "ossf-package-analysis", + "sha256": "24334b1015df570a4828e5982d0285375f64bb4a889f3c54431ba385b54f0a27", + "import_time": "2024-12-21T10:05:14.569236354Z", + "modified_time": "2024-12-21T09:47:36Z", + "versions": [ + "0.1.0" + ] } ] } diff --git a/osv/malicious/npm/auto-assign-team-actionn/MAL-0000-ossf-package-analysis-0a76c2ee75baa7c3.json b/osv/malicious/npm/auto-assign-team-actionn/MAL-0000-ossf-package-analysis-0a76c2ee75baa7c3.json deleted file mode 100644 index 8162ce53d..000000000 --- a/osv/malicious/npm/auto-assign-team-actionn/MAL-0000-ossf-package-analysis-0a76c2ee75baa7c3.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "modified": "2024-12-21T09:42:28Z", - "published": "2024-12-21T09:42:28Z", - "schema_version": "1.5.0", - "id": "", - "summary": "Malicious code in auto-assign-team-actionn (npm)", - "details": "The OpenSSF Package Analysis project identified 'auto-assign-team-actionn' @ 0.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "auto-assign-team-actionn" - }, - "versions": [ - "0.1.0" - ] - } - ], - "credits": [ - { - "name": "OpenSSF: Package Analysis", - "type": "FINDER", - "contact": [ - "https://github.com/ossf/package-analysis", - "https://openssf.slack.com/channels/package_analysis" - ] - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ossf-package-analysis", - "sha256": "0a76c2ee75baa7c330f6245cd32f36ea9ab50a438b5ae22970e6280a498a5236", - "import_time": "2024-12-21T10:05:14.494370046Z", - "modified_time": "2024-12-21T09:42:28Z", - "versions": [ - "0.1.0" - ] - } - ] - } -} diff --git a/osv/malicious/npm/auto-assign-team-actionn/MAL-2024-11918.json b/osv/malicious/npm/auto-assign-team-actionn/MAL-2024-11918.json index f2cb7263d..a7e2aef73 100644 --- a/osv/malicious/npm/auto-assign-team-actionn/MAL-2024-11918.json +++ b/osv/malicious/npm/auto-assign-team-actionn/MAL-2024-11918.json @@ -1,5 +1,5 @@ { - "modified": "2024-12-20T06:07:49Z", + "modified": "2024-12-21T10:05:39Z", "published": "2024-12-18T20:55:56Z", "schema_version": "1.5.0", "id": "MAL-2024-11918", @@ -15,7 +15,8 @@ "1.1.0", "0.0.4", "0.0.6", - "0.0.9" + "0.0.9", + "0.1.0" ] } ], @@ -66,6 +67,15 @@ "versions": [ "0.0.9" ] + }, + { + "source": "ossf-package-analysis", + "sha256": "0a76c2ee75baa7c330f6245cd32f36ea9ab50a438b5ae22970e6280a498a5236", + "import_time": "2024-12-21T10:05:14.494370046Z", + "modified_time": "2024-12-21T09:42:28Z", + "versions": [ + "0.1.0" + ] } ] } diff --git a/osv/malicious/npm/cosmos-hub-docs-site/MAL-0000-ossf-package-analysis-a34cccaa0f154234.json b/osv/malicious/npm/cosmos-hub-docs-site/MAL-2024-12088.json similarity index 69% rename from osv/malicious/npm/cosmos-hub-docs-site/MAL-0000-ossf-package-analysis-a34cccaa0f154234.json rename to osv/malicious/npm/cosmos-hub-docs-site/MAL-2024-12088.json index 3f27052f1..58a2c1bac 100644 --- a/osv/malicious/npm/cosmos-hub-docs-site/MAL-0000-ossf-package-analysis-a34cccaa0f154234.json +++ b/osv/malicious/npm/cosmos-hub-docs-site/MAL-2024-12088.json @@ -2,9 +2,9 @@ "modified": "2024-12-21T10:00:58Z", "published": "2024-12-21T10:00:58Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2024-12088", "summary": "Malicious code in cosmos-hub-docs-site (npm)", - "details": "The OpenSSF Package Analysis project identified 'cosmos-hub-docs-site' @ 2.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (a34cccaa0f1542346f9bde458f8b0160dfc0e0d1d8718d8acc264d706162d8a3)\nThe OpenSSF Package Analysis project identified 'cosmos-hub-docs-site' @ 2.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { @@ -29,10 +29,10 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ossf-package-analysis", - "sha256": "a34cccaa0f1542346f9bde458f8b0160dfc0e0d1d8718d8acc264d706162d8a3", "import_time": "2024-12-21T10:05:14.728230572Z", "modified_time": "2024-12-21T10:00:58Z", + "sha256": "a34cccaa0f1542346f9bde458f8b0160dfc0e0d1d8718d8acc264d706162d8a3", + "source": "ossf-package-analysis", "versions": [ "2.0.0" ]