Assign IDs

osv/malicious/npm/bigcommerce-cornerstone/MAL-2025-122.json

@@ -1,10 +1,10 @@
 {
-  "modified": "2025-01-13T23:17:16Z",
+  "modified": "2025-01-21T09:35:07Z",
   "published": "2025-01-13T23:17:16Z",
   "schema_version": "1.5.0",
   "id": "MAL-2025-122",
   "summary": "Malicious code in bigcommerce-cornerstone (npm)",
-  "details": "This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain.",
+  "details": "This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (494e6e8145930583b08e1bd8ca2253636cbcaa48edeb20bd83d5d37974f3b9d2)\nThe OpenSSF Package Analysis project identified 'bigcommerce-cornerstone' @ 6.16.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
   "affected": [
     {
       "package": {
@@ -13,7 +13,8 @@
       },
       "versions": [
         "1.0.0",
-        "6.16.2"
+        "6.16.2",
+        "6.16.3"
       ]
     }
   ],
@@ -24,9 +25,27 @@
       "contact": [
         "https://githax.com"
       ]
+    },
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
     }
   ],
   "database_specific": {
-    "malicious-packages-origins": null
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "494e6e8145930583b08e1bd8ca2253636cbcaa48edeb20bd83d5d37974f3b9d2",
+        "import_time": "2025-01-21T09:34:43.073113625Z",
+        "modified_time": "2025-01-21T09:11:51Z",
+        "versions": [
+          "6.16.3"
+        ]
+      }
+    ]
   }
 }