MAL-2023-8302
Vulnerability from ossf_malicious_packages
Published
2023-10-06 03:38
Modified
2023-10-06 04:05
Summary
Malicious code in @siigo-arquitectura/button-atom (npm)
Details
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (10fd520d1b3077c01e859228a807bb4d066d090fa3e1d1b287389a9f45d58a78)
The OpenSSF Package Analysis project identified '@siigo-arquitectura/button-atom' @ 5.0.7 (npm) as malicious.
It is considered malicious because:
-
The package communicates with a domain associated with malicious activity.
-
The package executes one or more commands associated with malicious behavior.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@siigo-arquitectura/button-atom"
},
"versions": [
"5.0.7",
"5.0.5",
"5.0.2",
"5.0.3"
]
}
],
"credits": [
{
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
],
"name": "OpenSSF: Package Analysis",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"import_time": "2023-10-06T04:05:29.257082328Z",
"modified_time": "2023-10-06T03:58:12Z",
"sha256": "10fd520d1b3077c01e859228a807bb4d066d090fa3e1d1b287389a9f45d58a78",
"source": "ossf-package-analysis",
"versions": [
"5.0.7"
]
},
{
"import_time": "2023-10-06T04:05:29.127526598Z",
"modified_time": "2023-10-06T03:50:36Z",
"sha256": "45987f694328ab5f35ef7f5134471d1194b9432468b9c2d6ba03f43611d5b9fa",
"source": "ossf-package-analysis",
"versions": [
"5.0.5"
]
},
{
"import_time": "2023-10-06T04:05:28.89045557Z",
"modified_time": "2023-10-06T03:38:19Z",
"sha256": "7f54183f29e4c26dc7b5421b6109cfb2b243d7239e0f541df350e5bce32e79f0",
"source": "ossf-package-analysis",
"versions": [
"5.0.2"
]
},
{
"import_time": "2023-10-06T04:05:29.002800384Z",
"modified_time": "2023-10-06T03:40:42Z",
"sha256": "f98f735ee865610780370cded00f51663a69fa2e676aa06c6064f0e2563d1386",
"source": "ossf-package-analysis",
"versions": [
"5.0.3"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (10fd520d1b3077c01e859228a807bb4d066d090fa3e1d1b287389a9f45d58a78)\nThe OpenSSF Package Analysis project identified \u0027@siigo-arquitectura/button-atom\u0027 @ 5.0.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
"id": "MAL-2023-8302",
"modified": "2023-10-06T04:05:49Z",
"published": "2023-10-06T03:38:19Z",
"schema_version": "1.5.0",
"summary": "Malicious code in @siigo-arquitectura/button-atom (npm)"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…