From d8033cb4e315300dfdf5d8b9fe4c0cb0bbcc2059 Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 24 Jan 2025 05:35:23 +0000 Subject: [PATCH] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-eca93207608d2141.json | 42 +++++++++++++++++++ ...ssf-package-analysis-df55c90f71da02d2.json | 42 +++++++++++++++++++ ...ssf-package-analysis-9114efb6f53e1090.json | 42 +++++++++++++++++++ ...ssf-package-analysis-bd156a21b883727d.json | 42 +++++++++++++++++++ ...ssf-package-analysis-3fa775f2b41624be.json | 42 +++++++++++++++++++ ...ssf-package-analysis-34782600b3f9ee71.json | 42 +++++++++++++++++++ ...ssf-package-analysis-003102423aeb5ea1.json | 42 +++++++++++++++++++ ...ssf-package-analysis-85e7f03b6318de8c.json | 42 +++++++++++++++++++ ...ssf-package-analysis-5c4f97fa1af421b8.json | 42 +++++++++++++++++++ ...ssf-package-analysis-c6bb1ed726f071b0.json | 42 +++++++++++++++++++ ...ssf-package-analysis-535cc528932dede0.json | 42 +++++++++++++++++++ ...ssf-package-analysis-c0f156bd66bab53f.json | 42 +++++++++++++++++++ ...ssf-package-analysis-bcb0165ac8368409.json | 42 +++++++++++++++++++ ...ssf-package-analysis-5184795ac94ad298.json | 42 +++++++++++++++++++ ...ssf-package-analysis-873edad68d1d7687.json | 42 +++++++++++++++++++ ...ssf-package-analysis-7c12c62007ba9de6.json | 42 +++++++++++++++++++ ...ssf-package-analysis-874a5b26864cb92b.json | 42 +++++++++++++++++++ ...ssf-package-analysis-9148e4ef72801be1.json | 42 +++++++++++++++++++ ...ssf-package-analysis-8001032baa9e57ff.json | 42 +++++++++++++++++++ ...ssf-package-analysis-6a93b00bc04ea521.json | 42 +++++++++++++++++++ ...ssf-package-analysis-1ffe0720b3de5b32.json | 42 +++++++++++++++++++ ...ssf-package-analysis-1007e3b603874be7.json | 42 +++++++++++++++++++ ...ssf-package-analysis-47cb1bad2e582192.json | 42 +++++++++++++++++++ ...ssf-package-analysis-f5a820d4804bca16.json | 42 +++++++++++++++++++ ...ssf-package-analysis-d3117b6de9634e88.json | 42 +++++++++++++++++++ ...ssf-package-analysis-190f39385920feb1.json | 42 +++++++++++++++++++ ...ssf-package-analysis-f88d925897982290.json | 42 +++++++++++++++++++ ...ssf-package-analysis-e782ae9b14ef40a7.json | 42 +++++++++++++++++++ ...ssf-package-analysis-2f45dd8de7c9dfbf.json | 42 +++++++++++++++++++ ...ssf-package-analysis-d38f448299b8cf08.json | 42 +++++++++++++++++++ ...ssf-package-analysis-45ea901132edd2a5.json | 42 +++++++++++++++++++ ...ssf-package-analysis-98ac8ee2b0e096fa.json | 42 +++++++++++++++++++ ...ssf-package-analysis-e9e18a347cff6687.json | 42 +++++++++++++++++++ ...ssf-package-analysis-2c565f4f063903c3.json | 42 +++++++++++++++++++ ...ssf-package-analysis-3b6c2c8a640e356d.json | 42 +++++++++++++++++++ ...ssf-package-analysis-a21aaa2acd24b74c.json | 42 +++++++++++++++++++ ...ssf-package-analysis-f18793fefebeda68.json | 42 +++++++++++++++++++ ...ssf-package-analysis-315320431749982d.json | 42 +++++++++++++++++++ ...ssf-package-analysis-f37cced5f60e4188.json | 42 +++++++++++++++++++ ...ssf-package-analysis-7fd5ee68fcaff7e6.json | 42 +++++++++++++++++++ ...ssf-package-analysis-be4613c5244b3637.json | 42 +++++++++++++++++++ ...ssf-package-analysis-191527fd54bb2116.json | 42 +++++++++++++++++++ ...ssf-package-analysis-d99ed39fb2357621.json | 42 +++++++++++++++++++ ...ssf-package-analysis-fa22f50a8a669b15.json | 42 +++++++++++++++++++ ...ssf-package-analysis-07b29ef5b7f91f40.json | 42 +++++++++++++++++++ ...ssf-package-analysis-13fc925730549bc8.json | 42 +++++++++++++++++++ ...ssf-package-analysis-037f3d39ceca3729.json | 42 +++++++++++++++++++ ...ssf-package-analysis-877523dd053e13ac.json | 42 +++++++++++++++++++ ...ssf-package-analysis-bad08278af65d859.json | 42 +++++++++++++++++++ ...ssf-package-analysis-115bad0fa70cde21.json | 42 +++++++++++++++++++ ...ssf-package-analysis-3b2c00234e034299.json | 42 +++++++++++++++++++ ...ssf-package-analysis-a2f01e05b592462f.json | 42 +++++++++++++++++++ ...ssf-package-analysis-dcdf3711c3a60bf5.json | 42 +++++++++++++++++++ ...ssf-package-analysis-cb28bf7bab07e7d8.json | 42 +++++++++++++++++++ ...ssf-package-analysis-152f98442370419a.json | 42 +++++++++++++++++++ ...ssf-package-analysis-27016990cb829cd0.json | 42 +++++++++++++++++++ ...ssf-package-analysis-2fd228933bfbd22b.json | 42 +++++++++++++++++++ ...ssf-package-analysis-ac505cb26eb829b7.json | 42 +++++++++++++++++++ ...ssf-package-analysis-e2e755994fef555f.json | 42 +++++++++++++++++++ ...ssf-package-analysis-51bcf8ede43a6fd8.json | 42 +++++++++++++++++++ ...ssf-package-analysis-d5195885ba4e45a4.json | 42 +++++++++++++++++++ ...ssf-package-analysis-10e8951862693cd7.json | 42 +++++++++++++++++++ ...ssf-package-analysis-52e53ccc9088219b.json | 42 +++++++++++++++++++ ...ssf-package-analysis-9249d44462b60e1b.json | 42 +++++++++++++++++++ ...ssf-package-analysis-95f626385442495f.json | 42 +++++++++++++++++++ ...ssf-package-analysis-a520cbe50d853584.json | 42 +++++++++++++++++++ ...ssf-package-analysis-323ab06bc2e65542.json | 42 +++++++++++++++++++ ...ssf-package-analysis-e9c43699ec251843.json | 42 +++++++++++++++++++ 69 files changed, 2857 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/iberia-parser/MAL-0000-ossf-package-analysis-eca93207608d2141.json create mode 100644 osv/malicious/npm/iberia-payment/MAL-0000-ossf-package-analysis-df55c90f71da02d2.json create mode 100644 osv/malicious/npm/iberia-sdk/MAL-0000-ossf-package-analysis-9114efb6f53e1090.json create mode 100644 osv/malicious/npm/iberia-service/MAL-0000-ossf-package-analysis-bd156a21b883727d.json create mode 100644 osv/malicious/npm/iberia-sync/MAL-0000-ossf-package-analysis-3fa775f2b41624be.json create mode 100644 osv/malicious/npm/iberia-test/MAL-0000-ossf-package-analysis-34782600b3f9ee71.json create mode 100644 osv/malicious/npm/instacart-event/MAL-0000-ossf-package-analysis-003102423aeb5ea1.json create mode 100644 osv/malicious/npm/instacart-gateway/MAL-0000-ossf-package-analysis-85e7f03b6318de8c.json create mode 100644 osv/malicious/npm/instacart-internal/MAL-0000-ossf-package-analysis-5c4f97fa1af421b8.json create mode 100644 osv/malicious/npm/instacart-jira/MAL-0000-ossf-package-analysis-c6bb1ed726f071b0.json create mode 100644 osv/malicious/npm/instacart-logger/MAL-0000-ossf-package-analysis-535cc528932dede0.json create mode 100644 osv/malicious/npm/instacart-model/MAL-0000-ossf-package-analysis-c0f156bd66bab53f.json create mode 100644 osv/malicious/npm/instacart-oauth/MAL-0000-ossf-package-analysis-bcb0165ac8368409.json create mode 100644 osv/malicious/npm/instacart-parser/MAL-0000-ossf-package-analysis-5184795ac94ad298.json create mode 100644 osv/malicious/npm/instacart-payment/MAL-0000-ossf-package-analysis-873edad68d1d7687.json create mode 100644 osv/malicious/npm/instacart-sdk/MAL-0000-ossf-package-analysis-7c12c62007ba9de6.json create mode 100644 osv/malicious/npm/instacart-user/MAL-0000-ossf-package-analysis-874a5b26864cb92b.json create mode 100644 osv/malicious/npm/instacart-utils/MAL-0000-ossf-package-analysis-9148e4ef72801be1.json create mode 100644 osv/malicious/npm/linkedin-admin/MAL-0000-ossf-package-analysis-8001032baa9e57ff.json create mode 100644 osv/malicious/npm/linkedin-analytics/MAL-0000-ossf-package-analysis-6a93b00bc04ea521.json create mode 100644 osv/malicious/npm/linkedin-cache/MAL-0000-ossf-package-analysis-1ffe0720b3de5b32.json create mode 100644 osv/malicious/npm/linkedin-checkout/MAL-0000-ossf-package-analysis-1007e3b603874be7.json create mode 100644 osv/malicious/npm/linkedin-cloud/MAL-0000-ossf-package-analysis-47cb1bad2e582192.json create mode 100644 osv/malicious/npm/linkedin-database/MAL-0000-ossf-package-analysis-f5a820d4804bca16.json create mode 100644 osv/malicious/npm/linkedin-event/MAL-0000-ossf-package-analysis-d3117b6de9634e88.json create mode 100644 osv/malicious/npm/linkedin-tests/MAL-0000-ossf-package-analysis-190f39385920feb1.json create mode 100644 osv/malicious/npm/linkedin-tools/MAL-0000-ossf-package-analysis-f88d925897982290.json create mode 100644 osv/malicious/npm/linkedin-user/MAL-0000-ossf-package-analysis-e782ae9b14ef40a7.json create mode 100644 osv/malicious/npm/linkedin-utils/MAL-0000-ossf-package-analysis-2f45dd8de7c9dfbf.json create mode 100644 osv/malicious/npm/lyft-admin/MAL-0000-ossf-package-analysis-d38f448299b8cf08.json create mode 100644 osv/malicious/npm/lyft-analytics/MAL-0000-ossf-package-analysis-45ea901132edd2a5.json create mode 100644 osv/malicious/npm/lyft-api-client/MAL-0000-ossf-package-analysis-98ac8ee2b0e096fa.json create mode 100644 osv/malicious/npm/lyft-api/MAL-0000-ossf-package-analysis-e9e18a347cff6687.json create mode 100644 osv/malicious/npm/lyft-auth/MAL-0000-ossf-package-analysis-2c565f4f063903c3.json create mode 100644 osv/malicious/npm/lyft-cache/MAL-0000-ossf-package-analysis-3b6c2c8a640e356d.json create mode 100644 osv/malicious/npm/lyft-checkout/MAL-0000-ossf-package-analysis-a21aaa2acd24b74c.json create mode 100644 osv/malicious/npm/lyft-cloud/MAL-0000-ossf-package-analysis-f18793fefebeda68.json create mode 100644 osv/malicious/npm/lyft-connect/MAL-0000-ossf-package-analysis-315320431749982d.json create mode 100644 osv/malicious/npm/lyft-db/MAL-0000-ossf-package-analysis-f37cced5f60e4188.json create mode 100644 osv/malicious/npm/lyft-event/MAL-0000-ossf-package-analysis-7fd5ee68fcaff7e6.json create mode 100644 osv/malicious/npm/lyft-gateway/MAL-0000-ossf-package-analysis-be4613c5244b3637.json create mode 100644 osv/malicious/npm/lyft-internal/MAL-0000-ossf-package-analysis-191527fd54bb2116.json create mode 100644 osv/malicious/npm/lyft-jira/MAL-0000-ossf-package-analysis-d99ed39fb2357621.json create mode 100644 osv/malicious/npm/lyft-logger/MAL-0000-ossf-package-analysis-fa22f50a8a669b15.json create mode 100644 osv/malicious/npm/lyft-model/MAL-0000-ossf-package-analysis-07b29ef5b7f91f40.json create mode 100644 osv/malicious/npm/lyft-parser/MAL-0000-ossf-package-analysis-13fc925730549bc8.json create mode 100644 osv/malicious/npm/lyft-payment/MAL-0000-ossf-package-analysis-037f3d39ceca3729.json create mode 100644 osv/malicious/npm/lyft-sdk/MAL-0000-ossf-package-analysis-877523dd053e13ac.json create mode 100644 osv/malicious/npm/lyft-sync/MAL-0000-ossf-package-analysis-bad08278af65d859.json create mode 100644 osv/malicious/npm/lyft-tests/MAL-0000-ossf-package-analysis-115bad0fa70cde21.json create mode 100644 osv/malicious/npm/lyft-tools/MAL-0000-ossf-package-analysis-3b2c00234e034299.json create mode 100644 osv/malicious/npm/lyft-user/MAL-0000-ossf-package-analysis-a2f01e05b592462f.json create mode 100644 osv/malicious/npm/lyft-utils/MAL-0000-ossf-package-analysis-dcdf3711c3a60bf5.json create mode 100644 osv/malicious/npm/meli-analytics/MAL-0000-ossf-package-analysis-cb28bf7bab07e7d8.json create mode 100644 osv/malicious/npm/meli-api-client/MAL-0000-ossf-package-analysis-152f98442370419a.json create mode 100644 osv/malicious/npm/meli-api/MAL-0000-ossf-package-analysis-27016990cb829cd0.json create mode 100644 osv/malicious/npm/meli-auth/MAL-0000-ossf-package-analysis-2fd228933bfbd22b.json create mode 100644 osv/malicious/npm/meli-checkout/MAL-0000-ossf-package-analysis-ac505cb26eb829b7.json create mode 100644 osv/malicious/npm/meli-cloud/MAL-0000-ossf-package-analysis-e2e755994fef555f.json create mode 100644 osv/malicious/npm/meli-connect/MAL-0000-ossf-package-analysis-51bcf8ede43a6fd8.json create mode 100644 osv/malicious/npm/meli-database/MAL-0000-ossf-package-analysis-d5195885ba4e45a4.json create mode 100644 osv/malicious/npm/meli-db/MAL-0000-ossf-package-analysis-10e8951862693cd7.json create mode 100644 osv/malicious/npm/meli-event/MAL-0000-ossf-package-analysis-52e53ccc9088219b.json create mode 100644 osv/malicious/npm/meli-gateway/MAL-0000-ossf-package-analysis-9249d44462b60e1b.json create mode 100644 osv/malicious/npm/meli-internal/MAL-0000-ossf-package-analysis-95f626385442495f.json create mode 100644 osv/malicious/npm/meli-jira/MAL-0000-ossf-package-analysis-a520cbe50d853584.json create mode 100644 osv/malicious/npm/meli-logger/MAL-0000-ossf-package-analysis-323ab06bc2e65542.json create mode 100644 osv/malicious/npm/meli-model/MAL-0000-ossf-package-analysis-e9c43699ec251843.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index cba708f70..3c64b1e30 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20250124/050041-npm-iberia-checkout-999.9.9.json + confident/: confident/20250124/053115-npm-meli-model-999.9.9.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json diff --git a/osv/malicious/npm/iberia-parser/MAL-0000-ossf-package-analysis-eca93207608d2141.json b/osv/malicious/npm/iberia-parser/MAL-0000-ossf-package-analysis-eca93207608d2141.json new file mode 100644 index 000000000..59a438b1b --- /dev/null +++ b/osv/malicious/npm/iberia-parser/MAL-0000-ossf-package-analysis-eca93207608d2141.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:05:48Z", + "published": "2025-01-24T05:05:48Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in iberia-parser (npm)", + "details": "The OpenSSF Package Analysis project identified 'iberia-parser' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "iberia-parser" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "eca93207608d214136145d5d86c9fda0d83c29002132a2b488fd475aa6c10c8f", + "import_time": "2025-01-24T05:35:08.595646286Z", + "modified_time": "2025-01-24T05:05:48Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/iberia-payment/MAL-0000-ossf-package-analysis-df55c90f71da02d2.json b/osv/malicious/npm/iberia-payment/MAL-0000-ossf-package-analysis-df55c90f71da02d2.json new file mode 100644 index 000000000..4a85eb2b2 --- /dev/null +++ b/osv/malicious/npm/iberia-payment/MAL-0000-ossf-package-analysis-df55c90f71da02d2.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:15:44Z", + "published": "2025-01-24T05:15:44Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in iberia-payment (npm)", + "details": "The OpenSSF Package Analysis project identified 'iberia-payment' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "iberia-payment" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "df55c90f71da02d24eeb4696aa783de823c705d9f771521b950cafdb2a537c03", + "import_time": "2025-01-24T05:35:10.551694746Z", + "modified_time": "2025-01-24T05:15:44Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/iberia-sdk/MAL-0000-ossf-package-analysis-9114efb6f53e1090.json b/osv/malicious/npm/iberia-sdk/MAL-0000-ossf-package-analysis-9114efb6f53e1090.json new file mode 100644 index 000000000..be79368f9 --- /dev/null +++ b/osv/malicious/npm/iberia-sdk/MAL-0000-ossf-package-analysis-9114efb6f53e1090.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:05:46Z", + "published": "2025-01-24T05:05:46Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in iberia-sdk (npm)", + "details": "The OpenSSF Package Analysis project identified 'iberia-sdk' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "iberia-sdk" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "9114efb6f53e10904e0d6476483d50e50570a62201743b0c30f45de8156a7489", + "import_time": "2025-01-24T05:35:08.46625031Z", + "modified_time": "2025-01-24T05:05:46Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/iberia-service/MAL-0000-ossf-package-analysis-bd156a21b883727d.json b/osv/malicious/npm/iberia-service/MAL-0000-ossf-package-analysis-bd156a21b883727d.json new file mode 100644 index 000000000..35dcbd1d4 --- /dev/null +++ b/osv/malicious/npm/iberia-service/MAL-0000-ossf-package-analysis-bd156a21b883727d.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:05:48Z", + "published": "2025-01-24T05:05:48Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in iberia-service (npm)", + "details": "The OpenSSF Package Analysis project identified 'iberia-service' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "iberia-service" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "bd156a21b883727d9e4bc5b820a01196330a53b28b1227abd237c16e5a8e90a5", + "import_time": "2025-01-24T05:35:08.716328906Z", + "modified_time": "2025-01-24T05:05:48Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/iberia-sync/MAL-0000-ossf-package-analysis-3fa775f2b41624be.json b/osv/malicious/npm/iberia-sync/MAL-0000-ossf-package-analysis-3fa775f2b41624be.json new file mode 100644 index 000000000..7b30aa09f --- /dev/null +++ b/osv/malicious/npm/iberia-sync/MAL-0000-ossf-package-analysis-3fa775f2b41624be.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:05:52Z", + "published": "2025-01-24T05:05:52Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in iberia-sync (npm)", + "details": "The OpenSSF Package Analysis project identified 'iberia-sync' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "iberia-sync" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "3fa775f2b41624be8acd4b8b6be1dc827dc0012574f46c5baf62b0f4aeaa3440", + "import_time": "2025-01-24T05:35:09.023779769Z", + "modified_time": "2025-01-24T05:05:52Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/iberia-test/MAL-0000-ossf-package-analysis-34782600b3f9ee71.json b/osv/malicious/npm/iberia-test/MAL-0000-ossf-package-analysis-34782600b3f9ee71.json new file mode 100644 index 000000000..65f3658e1 --- /dev/null +++ b/osv/malicious/npm/iberia-test/MAL-0000-ossf-package-analysis-34782600b3f9ee71.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:05:50Z", + "published": "2025-01-24T05:05:50Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in iberia-test (npm)", + "details": "The OpenSSF Package Analysis project identified 'iberia-test' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "iberia-test" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "34782600b3f9ee7199f713e88b078821b8ce5da7f26f9779515258d8be6c86e3", + "import_time": "2025-01-24T05:35:08.864339793Z", + "modified_time": "2025-01-24T05:05:50Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-event/MAL-0000-ossf-package-analysis-003102423aeb5ea1.json b/osv/malicious/npm/instacart-event/MAL-0000-ossf-package-analysis-003102423aeb5ea1.json new file mode 100644 index 000000000..d649476a2 --- /dev/null +++ b/osv/malicious/npm/instacart-event/MAL-0000-ossf-package-analysis-003102423aeb5ea1.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:10:41Z", + "published": "2025-01-24T05:10:41Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-event (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-event' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-event" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "003102423aeb5ea11be6dd107f680fb93eb897d8c2e772967fd2723e3c50ea24", + "import_time": "2025-01-24T05:35:09.239579615Z", + "modified_time": "2025-01-24T05:10:41Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-gateway/MAL-0000-ossf-package-analysis-85e7f03b6318de8c.json b/osv/malicious/npm/instacart-gateway/MAL-0000-ossf-package-analysis-85e7f03b6318de8c.json new file mode 100644 index 000000000..0adf795f4 --- /dev/null +++ b/osv/malicious/npm/instacart-gateway/MAL-0000-ossf-package-analysis-85e7f03b6318de8c.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:10:49Z", + "published": "2025-01-24T05:10:49Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-gateway (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-gateway' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-gateway" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "85e7f03b6318de8c9d6b7d97c107c08e382b2c51f628065e22a1c84e163666d2", + "import_time": "2025-01-24T05:35:10.391498968Z", + "modified_time": "2025-01-24T05:10:49Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-internal/MAL-0000-ossf-package-analysis-5c4f97fa1af421b8.json b/osv/malicious/npm/instacart-internal/MAL-0000-ossf-package-analysis-5c4f97fa1af421b8.json new file mode 100644 index 000000000..b2ae39d08 --- /dev/null +++ b/osv/malicious/npm/instacart-internal/MAL-0000-ossf-package-analysis-5c4f97fa1af421b8.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:10:43Z", + "published": "2025-01-24T05:10:43Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-internal (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-internal' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-internal" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "5c4f97fa1af421b8c267a6d72e7078ff0f45e3007987726e95289b4badf3234d", + "import_time": "2025-01-24T05:35:09.351506119Z", + "modified_time": "2025-01-24T05:10:43Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-jira/MAL-0000-ossf-package-analysis-c6bb1ed726f071b0.json b/osv/malicious/npm/instacart-jira/MAL-0000-ossf-package-analysis-c6bb1ed726f071b0.json new file mode 100644 index 000000000..48b33fdae --- /dev/null +++ b/osv/malicious/npm/instacart-jira/MAL-0000-ossf-package-analysis-c6bb1ed726f071b0.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:10:43Z", + "published": "2025-01-24T05:10:43Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-jira (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-jira' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-jira" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "c6bb1ed726f071b0cab3645a0ca2633a238d3f441c6bdf1d64d7fc0188a2298b", + "import_time": "2025-01-24T05:35:09.488391246Z", + "modified_time": "2025-01-24T05:10:43Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-logger/MAL-0000-ossf-package-analysis-535cc528932dede0.json b/osv/malicious/npm/instacart-logger/MAL-0000-ossf-package-analysis-535cc528932dede0.json new file mode 100644 index 000000000..8478cec51 --- /dev/null +++ b/osv/malicious/npm/instacart-logger/MAL-0000-ossf-package-analysis-535cc528932dede0.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:10:45Z", + "published": "2025-01-24T05:10:45Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-logger (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-logger' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-logger" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "535cc528932dede0fbcb6f287ec4fa891c980a4a97c070e887203f5c0ed3f494", + "import_time": "2025-01-24T05:35:09.828162311Z", + "modified_time": "2025-01-24T05:10:45Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-model/MAL-0000-ossf-package-analysis-c0f156bd66bab53f.json b/osv/malicious/npm/instacart-model/MAL-0000-ossf-package-analysis-c0f156bd66bab53f.json new file mode 100644 index 000000000..26c0ef333 --- /dev/null +++ b/osv/malicious/npm/instacart-model/MAL-0000-ossf-package-analysis-c0f156bd66bab53f.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:20:47Z", + "published": "2025-01-24T05:20:47Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-model (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-model' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-model" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "c0f156bd66bab53f207eefced759f8bacbfeaa07433a39282c23b0d3b9f816af", + "import_time": "2025-01-24T05:35:11.835897783Z", + "modified_time": "2025-01-24T05:20:47Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-oauth/MAL-0000-ossf-package-analysis-bcb0165ac8368409.json b/osv/malicious/npm/instacart-oauth/MAL-0000-ossf-package-analysis-bcb0165ac8368409.json new file mode 100644 index 000000000..3e862973f --- /dev/null +++ b/osv/malicious/npm/instacart-oauth/MAL-0000-ossf-package-analysis-bcb0165ac8368409.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:10:43Z", + "published": "2025-01-24T05:10:43Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-oauth (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-oauth' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-oauth" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "bcb0165ac8368409888b3738226fa768c188f411130de11329b6642118e4e5dd", + "import_time": "2025-01-24T05:35:09.632434139Z", + "modified_time": "2025-01-24T05:10:43Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-parser/MAL-0000-ossf-package-analysis-5184795ac94ad298.json b/osv/malicious/npm/instacart-parser/MAL-0000-ossf-package-analysis-5184795ac94ad298.json new file mode 100644 index 000000000..839cbf286 --- /dev/null +++ b/osv/malicious/npm/instacart-parser/MAL-0000-ossf-package-analysis-5184795ac94ad298.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:10:48Z", + "published": "2025-01-24T05:10:48Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-parser (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-parser' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-parser" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "5184795ac94ad2980f5b2eef95d313e8d6a2d491d42d3d3158a901aaf92d0bee", + "import_time": "2025-01-24T05:35:10.136004338Z", + "modified_time": "2025-01-24T05:10:48Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-payment/MAL-0000-ossf-package-analysis-873edad68d1d7687.json b/osv/malicious/npm/instacart-payment/MAL-0000-ossf-package-analysis-873edad68d1d7687.json new file mode 100644 index 000000000..f57be3777 --- /dev/null +++ b/osv/malicious/npm/instacart-payment/MAL-0000-ossf-package-analysis-873edad68d1d7687.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:10:46Z", + "published": "2025-01-24T05:10:46Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-payment (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-payment' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-payment" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "873edad68d1d7687dd48205c5e670bcada0b9b13ff27bc030b145c8669257904", + "import_time": "2025-01-24T05:35:09.954901123Z", + "modified_time": "2025-01-24T05:10:46Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-sdk/MAL-0000-ossf-package-analysis-7c12c62007ba9de6.json b/osv/malicious/npm/instacart-sdk/MAL-0000-ossf-package-analysis-7c12c62007ba9de6.json new file mode 100644 index 000000000..037796d88 --- /dev/null +++ b/osv/malicious/npm/instacart-sdk/MAL-0000-ossf-package-analysis-7c12c62007ba9de6.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:10:48Z", + "published": "2025-01-24T05:10:48Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-sdk (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-sdk' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-sdk" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "7c12c62007ba9de65054ea35d0f3c994ab23aacb3799c8ca20103678e4293cea", + "import_time": "2025-01-24T05:35:10.278535976Z", + "modified_time": "2025-01-24T05:10:48Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-user/MAL-0000-ossf-package-analysis-874a5b26864cb92b.json b/osv/malicious/npm/instacart-user/MAL-0000-ossf-package-analysis-874a5b26864cb92b.json new file mode 100644 index 000000000..7ace8631f --- /dev/null +++ b/osv/malicious/npm/instacart-user/MAL-0000-ossf-package-analysis-874a5b26864cb92b.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:20:33Z", + "published": "2025-01-24T05:20:33Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-user (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-user' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-user" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "874a5b26864cb92b47627790269c6a382107aa52df40e08b357a0e00eea63968", + "import_time": "2025-01-24T05:35:11.709857905Z", + "modified_time": "2025-01-24T05:20:33Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/instacart-utils/MAL-0000-ossf-package-analysis-9148e4ef72801be1.json b/osv/malicious/npm/instacart-utils/MAL-0000-ossf-package-analysis-9148e4ef72801be1.json new file mode 100644 index 000000000..919d52f96 --- /dev/null +++ b/osv/malicious/npm/instacart-utils/MAL-0000-ossf-package-analysis-9148e4ef72801be1.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:18:19Z", + "published": "2025-01-24T05:18:19Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in instacart-utils (npm)", + "details": "The OpenSSF Package Analysis project identified 'instacart-utils' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "instacart-utils" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "9148e4ef72801be1e6f194388e391e2788a1b821aaa108c28f4a832a833f9893", + "import_time": "2025-01-24T05:35:11.295024594Z", + "modified_time": "2025-01-24T05:18:19Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/linkedin-admin/MAL-0000-ossf-package-analysis-8001032baa9e57ff.json b/osv/malicious/npm/linkedin-admin/MAL-0000-ossf-package-analysis-8001032baa9e57ff.json new file mode 100644 index 000000000..50a4185a9 --- /dev/null +++ b/osv/malicious/npm/linkedin-admin/MAL-0000-ossf-package-analysis-8001032baa9e57ff.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:17:05Z", + "published": "2025-01-24T05:17:05Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in linkedin-admin (npm)", + "details": "The OpenSSF Package Analysis project identified 'linkedin-admin' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "linkedin-admin" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "8001032baa9e57ffc08d11ae9dc0a51fb41ef1dbd5dad53d1a82d828eba3005e", + "import_time": "2025-01-24T05:35:10.868042485Z", + "modified_time": "2025-01-24T05:17:05Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/linkedin-analytics/MAL-0000-ossf-package-analysis-6a93b00bc04ea521.json b/osv/malicious/npm/linkedin-analytics/MAL-0000-ossf-package-analysis-6a93b00bc04ea521.json new file mode 100644 index 000000000..5de943dcf --- /dev/null +++ b/osv/malicious/npm/linkedin-analytics/MAL-0000-ossf-package-analysis-6a93b00bc04ea521.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:18:02Z", + "published": "2025-01-24T05:18:02Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in linkedin-analytics (npm)", + "details": "The OpenSSF Package Analysis project identified 'linkedin-analytics' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "linkedin-analytics" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "6a93b00bc04ea5218384795d0a4ce28aef30047e797c5bfa33e15d2e7b799011", + "import_time": "2025-01-24T05:35:10.995085817Z", + "modified_time": "2025-01-24T05:18:02Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/linkedin-cache/MAL-0000-ossf-package-analysis-1ffe0720b3de5b32.json b/osv/malicious/npm/linkedin-cache/MAL-0000-ossf-package-analysis-1ffe0720b3de5b32.json new file mode 100644 index 000000000..9014b62f0 --- /dev/null +++ b/osv/malicious/npm/linkedin-cache/MAL-0000-ossf-package-analysis-1ffe0720b3de5b32.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:19:11Z", + "published": "2025-01-24T05:19:11Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in linkedin-cache (npm)", + "details": "The OpenSSF Package Analysis project identified 'linkedin-cache' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "linkedin-cache" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "1ffe0720b3de5b326d3c21a92d61c09a1d9628d2c1402bcec1e868d5ec11ab3d", + "import_time": "2025-01-24T05:35:11.418878045Z", + "modified_time": "2025-01-24T05:19:11Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/linkedin-checkout/MAL-0000-ossf-package-analysis-1007e3b603874be7.json b/osv/malicious/npm/linkedin-checkout/MAL-0000-ossf-package-analysis-1007e3b603874be7.json new file mode 100644 index 000000000..a3da2ed32 --- /dev/null +++ b/osv/malicious/npm/linkedin-checkout/MAL-0000-ossf-package-analysis-1007e3b603874be7.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:19:29Z", + "published": "2025-01-24T05:19:29Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in linkedin-checkout (npm)", + "details": "The OpenSSF Package Analysis project identified 'linkedin-checkout' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "linkedin-checkout" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "1007e3b603874be7c1b16b45918cee3421169f7c44f4a1b302c8e1710f14402a", + "import_time": "2025-01-24T05:35:11.540817309Z", + "modified_time": "2025-01-24T05:19:29Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/linkedin-cloud/MAL-0000-ossf-package-analysis-47cb1bad2e582192.json b/osv/malicious/npm/linkedin-cloud/MAL-0000-ossf-package-analysis-47cb1bad2e582192.json new file mode 100644 index 000000000..14f355b21 --- /dev/null +++ b/osv/malicious/npm/linkedin-cloud/MAL-0000-ossf-package-analysis-47cb1bad2e582192.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:22:27Z", + "published": "2025-01-24T05:22:27Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in linkedin-cloud (npm)", + "details": "The OpenSSF Package Analysis project identified 'linkedin-cloud' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "linkedin-cloud" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "47cb1bad2e582192dd61836a8601f240f63e48536a6ea36e0f7fc2814d8c872f", + "import_time": "2025-01-24T05:35:12.543388079Z", + "modified_time": "2025-01-24T05:22:27Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/linkedin-database/MAL-0000-ossf-package-analysis-f5a820d4804bca16.json b/osv/malicious/npm/linkedin-database/MAL-0000-ossf-package-analysis-f5a820d4804bca16.json new file mode 100644 index 000000000..d28d3bad1 --- /dev/null +++ b/osv/malicious/npm/linkedin-database/MAL-0000-ossf-package-analysis-f5a820d4804bca16.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:18:12Z", + "published": "2025-01-24T05:18:12Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in linkedin-database (npm)", + "details": "The OpenSSF Package Analysis project identified 'linkedin-database' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "linkedin-database" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "f5a820d4804bca16792c856bbc1762769849da5c71cfd50b5afa2bfe86b90b03", + "import_time": "2025-01-24T05:35:11.117206544Z", + "modified_time": "2025-01-24T05:18:12Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/linkedin-event/MAL-0000-ossf-package-analysis-d3117b6de9634e88.json b/osv/malicious/npm/linkedin-event/MAL-0000-ossf-package-analysis-d3117b6de9634e88.json new file mode 100644 index 000000000..ed0de4580 --- /dev/null +++ b/osv/malicious/npm/linkedin-event/MAL-0000-ossf-package-analysis-d3117b6de9634e88.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:15:57Z", + "published": "2025-01-24T05:15:57Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in linkedin-event (npm)", + "details": "The OpenSSF Package Analysis project identified 'linkedin-event' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "linkedin-event" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "d3117b6de9634e8866bcc81a60b2d016dc3f6ad89a592ae3118460e5dacc6d31", + "import_time": "2025-01-24T05:35:10.735236187Z", + "modified_time": "2025-01-24T05:15:57Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/linkedin-tests/MAL-0000-ossf-package-analysis-190f39385920feb1.json b/osv/malicious/npm/linkedin-tests/MAL-0000-ossf-package-analysis-190f39385920feb1.json new file mode 100644 index 000000000..6e8160379 --- /dev/null +++ b/osv/malicious/npm/linkedin-tests/MAL-0000-ossf-package-analysis-190f39385920feb1.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:23:10Z", + "published": "2025-01-24T05:23:10Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in linkedin-tests (npm)", + "details": "The OpenSSF Package Analysis project identified 'linkedin-tests' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "linkedin-tests" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "190f39385920feb169d7fe6cc41ab7694f2ec357829ed626244c651f4980daf4", + "import_time": "2025-01-24T05:35:12.655612526Z", + "modified_time": "2025-01-24T05:23:10Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/linkedin-tools/MAL-0000-ossf-package-analysis-f88d925897982290.json b/osv/malicious/npm/linkedin-tools/MAL-0000-ossf-package-analysis-f88d925897982290.json new file mode 100644 index 000000000..26d211d82 --- /dev/null +++ b/osv/malicious/npm/linkedin-tools/MAL-0000-ossf-package-analysis-f88d925897982290.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:23:45Z", + "published": "2025-01-24T05:23:45Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in linkedin-tools (npm)", + "details": "The OpenSSF Package Analysis project identified 'linkedin-tools' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "linkedin-tools" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "f88d92589798229030c45a76e8fdc8b0c2824ab5699823f7f478dda18a045689", + "import_time": "2025-01-24T05:35:13.146501565Z", + "modified_time": "2025-01-24T05:23:45Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/linkedin-user/MAL-0000-ossf-package-analysis-e782ae9b14ef40a7.json b/osv/malicious/npm/linkedin-user/MAL-0000-ossf-package-analysis-e782ae9b14ef40a7.json new file mode 100644 index 000000000..909941526 --- /dev/null +++ b/osv/malicious/npm/linkedin-user/MAL-0000-ossf-package-analysis-e782ae9b14ef40a7.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:21:08Z", + "published": "2025-01-24T05:21:08Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in linkedin-user (npm)", + "details": "The OpenSSF Package Analysis project identified 'linkedin-user' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "linkedin-user" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "e782ae9b14ef40a792bc55c6f60693da134e9e77e9f74d07336fcd40de0dfbc4", + "import_time": "2025-01-24T05:35:12.384250192Z", + "modified_time": "2025-01-24T05:21:08Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/linkedin-utils/MAL-0000-ossf-package-analysis-2f45dd8de7c9dfbf.json b/osv/malicious/npm/linkedin-utils/MAL-0000-ossf-package-analysis-2f45dd8de7c9dfbf.json new file mode 100644 index 000000000..f18c7efe0 --- /dev/null +++ b/osv/malicious/npm/linkedin-utils/MAL-0000-ossf-package-analysis-2f45dd8de7c9dfbf.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:23:14Z", + "published": "2025-01-24T05:23:14Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in linkedin-utils (npm)", + "details": "The OpenSSF Package Analysis project identified 'linkedin-utils' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "linkedin-utils" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "2f45dd8de7c9dfbf4be3b1eb3b9ba6589946428e21d51e9d4da84804e129b9b5", + "import_time": "2025-01-24T05:35:12.923441193Z", + "modified_time": "2025-01-24T05:23:14Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-admin/MAL-0000-ossf-package-analysis-d38f448299b8cf08.json b/osv/malicious/npm/lyft-admin/MAL-0000-ossf-package-analysis-d38f448299b8cf08.json new file mode 100644 index 000000000..39b4fa443 --- /dev/null +++ b/osv/malicious/npm/lyft-admin/MAL-0000-ossf-package-analysis-d38f448299b8cf08.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:23:12Z", + "published": "2025-01-24T05:23:12Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-admin (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-admin' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-admin" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "d38f448299b8cf08b4e9a13e97a9c14c62534e926734f9f7b65fd051eb22509c", + "import_time": "2025-01-24T05:35:12.784882141Z", + "modified_time": "2025-01-24T05:23:12Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-analytics/MAL-0000-ossf-package-analysis-45ea901132edd2a5.json b/osv/malicious/npm/lyft-analytics/MAL-0000-ossf-package-analysis-45ea901132edd2a5.json new file mode 100644 index 000000000..64512ebce --- /dev/null +++ b/osv/malicious/npm/lyft-analytics/MAL-0000-ossf-package-analysis-45ea901132edd2a5.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:23:15Z", + "published": "2025-01-24T05:23:15Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-analytics (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-analytics' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-analytics" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "45ea901132edd2a569f451644d222beedfd715a037c809451b5ac84bd1e506a1", + "import_time": "2025-01-24T05:35:13.030935102Z", + "modified_time": "2025-01-24T05:23:15Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-api-client/MAL-0000-ossf-package-analysis-98ac8ee2b0e096fa.json b/osv/malicious/npm/lyft-api-client/MAL-0000-ossf-package-analysis-98ac8ee2b0e096fa.json new file mode 100644 index 000000000..184cbe796 --- /dev/null +++ b/osv/malicious/npm/lyft-api-client/MAL-0000-ossf-package-analysis-98ac8ee2b0e096fa.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:20:51Z", + "published": "2025-01-24T05:20:51Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-api-client (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-api-client' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-api-client" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "98ac8ee2b0e096fab5b480794e79170dbc9b2162464fdf0f1e0124de1575cfd5", + "import_time": "2025-01-24T05:35:11.984232005Z", + "modified_time": "2025-01-24T05:20:51Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-api/MAL-0000-ossf-package-analysis-e9e18a347cff6687.json b/osv/malicious/npm/lyft-api/MAL-0000-ossf-package-analysis-e9e18a347cff6687.json new file mode 100644 index 000000000..f0e90bac5 --- /dev/null +++ b/osv/malicious/npm/lyft-api/MAL-0000-ossf-package-analysis-e9e18a347cff6687.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:23:52Z", + "published": "2025-01-24T05:23:52Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-api (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-api' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-api" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "e9e18a347cff66874d35da46263ee4c183405e86a2aa64ff2f410dbe42d781c2", + "import_time": "2025-01-24T05:35:13.290877514Z", + "modified_time": "2025-01-24T05:23:52Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-auth/MAL-0000-ossf-package-analysis-2c565f4f063903c3.json b/osv/malicious/npm/lyft-auth/MAL-0000-ossf-package-analysis-2c565f4f063903c3.json new file mode 100644 index 000000000..92080daad --- /dev/null +++ b/osv/malicious/npm/lyft-auth/MAL-0000-ossf-package-analysis-2c565f4f063903c3.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:20:59Z", + "published": "2025-01-24T05:20:59Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-auth (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-auth' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-auth" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "2c565f4f063903c396ce391a766b2f2e23376ee54056eed2f91fe4584c931069", + "import_time": "2025-01-24T05:35:12.233770581Z", + "modified_time": "2025-01-24T05:20:59Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-cache/MAL-0000-ossf-package-analysis-3b6c2c8a640e356d.json b/osv/malicious/npm/lyft-cache/MAL-0000-ossf-package-analysis-3b6c2c8a640e356d.json new file mode 100644 index 000000000..a1c9e1223 --- /dev/null +++ b/osv/malicious/npm/lyft-cache/MAL-0000-ossf-package-analysis-3b6c2c8a640e356d.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:23:53Z", + "published": "2025-01-24T05:23:53Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-cache (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-cache' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-cache" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "3b6c2c8a640e356df7915efc2dbff4c6612d5995a84d32090e38a5fe4ee11eb4", + "import_time": "2025-01-24T05:35:13.423652416Z", + "modified_time": "2025-01-24T05:23:53Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-checkout/MAL-0000-ossf-package-analysis-a21aaa2acd24b74c.json b/osv/malicious/npm/lyft-checkout/MAL-0000-ossf-package-analysis-a21aaa2acd24b74c.json new file mode 100644 index 000000000..abde8a560 --- /dev/null +++ b/osv/malicious/npm/lyft-checkout/MAL-0000-ossf-package-analysis-a21aaa2acd24b74c.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:24:00Z", + "published": "2025-01-24T05:24:00Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-checkout (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-checkout' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-checkout" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "a21aaa2acd24b74ce7634bafecd7bc3e4f9508ef8062d748fb284d79f0661619", + "import_time": "2025-01-24T05:35:13.624949237Z", + "modified_time": "2025-01-24T05:24:00Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-cloud/MAL-0000-ossf-package-analysis-f18793fefebeda68.json b/osv/malicious/npm/lyft-cloud/MAL-0000-ossf-package-analysis-f18793fefebeda68.json new file mode 100644 index 000000000..18eacfea5 --- /dev/null +++ b/osv/malicious/npm/lyft-cloud/MAL-0000-ossf-package-analysis-f18793fefebeda68.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:20:53Z", + "published": "2025-01-24T05:20:53Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-cloud (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-cloud' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-cloud" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "f18793fefebeda68528fbc9a521cc91b843c80488c74eb9cd83d7acfcc1804cf", + "import_time": "2025-01-24T05:35:12.105505174Z", + "modified_time": "2025-01-24T05:20:53Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-connect/MAL-0000-ossf-package-analysis-315320431749982d.json b/osv/malicious/npm/lyft-connect/MAL-0000-ossf-package-analysis-315320431749982d.json new file mode 100644 index 000000000..987bcce68 --- /dev/null +++ b/osv/malicious/npm/lyft-connect/MAL-0000-ossf-package-analysis-315320431749982d.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:25:53Z", + "published": "2025-01-24T05:25:53Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-connect (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-connect' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-connect" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "315320431749982def4c72ea78c96ab88faead336d157234851073d549dd50b5", + "import_time": "2025-01-24T05:35:14.027507757Z", + "modified_time": "2025-01-24T05:25:53Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-db/MAL-0000-ossf-package-analysis-f37cced5f60e4188.json b/osv/malicious/npm/lyft-db/MAL-0000-ossf-package-analysis-f37cced5f60e4188.json new file mode 100644 index 000000000..995058fa8 --- /dev/null +++ b/osv/malicious/npm/lyft-db/MAL-0000-ossf-package-analysis-f37cced5f60e4188.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:28:22Z", + "published": "2025-01-24T05:28:22Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-db (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-db' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-db" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "f37cced5f60e41888f8d0a2a4472279034b4fd9a0f6076ea9337095dc37cea9f", + "import_time": "2025-01-24T05:35:15.263653923Z", + "modified_time": "2025-01-24T05:28:22Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-event/MAL-0000-ossf-package-analysis-7fd5ee68fcaff7e6.json b/osv/malicious/npm/lyft-event/MAL-0000-ossf-package-analysis-7fd5ee68fcaff7e6.json new file mode 100644 index 000000000..7e88c8294 --- /dev/null +++ b/osv/malicious/npm/lyft-event/MAL-0000-ossf-package-analysis-7fd5ee68fcaff7e6.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:25:57Z", + "published": "2025-01-24T05:25:57Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-event (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-event' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-event" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "7fd5ee68fcaff7e62208bff2016c4e1fd3a56bfbbdb5328c16efb4e2a4e45528", + "import_time": "2025-01-24T05:35:14.745874354Z", + "modified_time": "2025-01-24T05:25:57Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-gateway/MAL-0000-ossf-package-analysis-be4613c5244b3637.json b/osv/malicious/npm/lyft-gateway/MAL-0000-ossf-package-analysis-be4613c5244b3637.json new file mode 100644 index 000000000..af4db77e4 --- /dev/null +++ b/osv/malicious/npm/lyft-gateway/MAL-0000-ossf-package-analysis-be4613c5244b3637.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:25:53Z", + "published": "2025-01-24T05:25:53Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-gateway (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-gateway' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-gateway" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "be4613c5244b3637a1ce624461625c93050eb053918b67dfb98d8879de0e9124", + "import_time": "2025-01-24T05:35:14.16163547Z", + "modified_time": "2025-01-24T05:25:53Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-internal/MAL-0000-ossf-package-analysis-191527fd54bb2116.json b/osv/malicious/npm/lyft-internal/MAL-0000-ossf-package-analysis-191527fd54bb2116.json new file mode 100644 index 000000000..cd7d9a73c --- /dev/null +++ b/osv/malicious/npm/lyft-internal/MAL-0000-ossf-package-analysis-191527fd54bb2116.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:25:52Z", + "published": "2025-01-24T05:25:52Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-internal (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-internal' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-internal" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "191527fd54bb2116b8405e7655ca0fa98138ea2f8f4463ca288460aeb3d1caf9", + "import_time": "2025-01-24T05:35:13.889441412Z", + "modified_time": "2025-01-24T05:25:52Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-jira/MAL-0000-ossf-package-analysis-d99ed39fb2357621.json b/osv/malicious/npm/lyft-jira/MAL-0000-ossf-package-analysis-d99ed39fb2357621.json new file mode 100644 index 000000000..1a49752c1 --- /dev/null +++ b/osv/malicious/npm/lyft-jira/MAL-0000-ossf-package-analysis-d99ed39fb2357621.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:25:54Z", + "published": "2025-01-24T05:25:54Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-jira (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-jira' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-jira" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "d99ed39fb2357621d732cbabd612fadcc3d7f25e8a37e786415c681aaefd9256", + "import_time": "2025-01-24T05:35:14.272679452Z", + "modified_time": "2025-01-24T05:25:54Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-logger/MAL-0000-ossf-package-analysis-fa22f50a8a669b15.json b/osv/malicious/npm/lyft-logger/MAL-0000-ossf-package-analysis-fa22f50a8a669b15.json new file mode 100644 index 000000000..ba9d40dcf --- /dev/null +++ b/osv/malicious/npm/lyft-logger/MAL-0000-ossf-package-analysis-fa22f50a8a669b15.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:25:51Z", + "published": "2025-01-24T05:25:51Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-logger (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-logger' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-logger" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "fa22f50a8a669b15c880da7ceb0b0a5977b7051dcedd06fd7166143e1af7599c", + "import_time": "2025-01-24T05:35:13.763160564Z", + "modified_time": "2025-01-24T05:25:51Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-model/MAL-0000-ossf-package-analysis-07b29ef5b7f91f40.json b/osv/malicious/npm/lyft-model/MAL-0000-ossf-package-analysis-07b29ef5b7f91f40.json new file mode 100644 index 000000000..8eeb530ed --- /dev/null +++ b/osv/malicious/npm/lyft-model/MAL-0000-ossf-package-analysis-07b29ef5b7f91f40.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:25:55Z", + "published": "2025-01-24T05:25:55Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-model (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-model' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-model" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "07b29ef5b7f91f403e3af36ebf885175b0589e5142149b466eae7e650ed71239", + "import_time": "2025-01-24T05:35:14.616184741Z", + "modified_time": "2025-01-24T05:25:55Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-parser/MAL-0000-ossf-package-analysis-13fc925730549bc8.json b/osv/malicious/npm/lyft-parser/MAL-0000-ossf-package-analysis-13fc925730549bc8.json new file mode 100644 index 000000000..190cb5b68 --- /dev/null +++ b/osv/malicious/npm/lyft-parser/MAL-0000-ossf-package-analysis-13fc925730549bc8.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:25:58Z", + "published": "2025-01-24T05:25:58Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-parser (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-parser' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-parser" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "13fc925730549bc8bae19b10ead0ff6155ab8448707c222dd7da50c4e7a014d6", + "import_time": "2025-01-24T05:35:14.916661308Z", + "modified_time": "2025-01-24T05:25:58Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-payment/MAL-0000-ossf-package-analysis-037f3d39ceca3729.json b/osv/malicious/npm/lyft-payment/MAL-0000-ossf-package-analysis-037f3d39ceca3729.json new file mode 100644 index 000000000..1aa860745 --- /dev/null +++ b/osv/malicious/npm/lyft-payment/MAL-0000-ossf-package-analysis-037f3d39ceca3729.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:25:54Z", + "published": "2025-01-24T05:25:54Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-payment (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-payment' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-payment" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "037f3d39ceca372959df5cba4db994d11d49eed766635b9e474d217f2e600335", + "import_time": "2025-01-24T05:35:14.439764975Z", + "modified_time": "2025-01-24T05:25:54Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-sdk/MAL-0000-ossf-package-analysis-877523dd053e13ac.json b/osv/malicious/npm/lyft-sdk/MAL-0000-ossf-package-analysis-877523dd053e13ac.json new file mode 100644 index 000000000..dada5c977 --- /dev/null +++ b/osv/malicious/npm/lyft-sdk/MAL-0000-ossf-package-analysis-877523dd053e13ac.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:25:59Z", + "published": "2025-01-24T05:25:59Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-sdk (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-sdk' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-sdk" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "877523dd053e13acd1b9e58650b8582eefdecf968a95e9997a115adbd7942683", + "import_time": "2025-01-24T05:35:15.130760694Z", + "modified_time": "2025-01-24T05:25:59Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-sync/MAL-0000-ossf-package-analysis-bad08278af65d859.json b/osv/malicious/npm/lyft-sync/MAL-0000-ossf-package-analysis-bad08278af65d859.json new file mode 100644 index 000000000..6abf31903 --- /dev/null +++ b/osv/malicious/npm/lyft-sync/MAL-0000-ossf-package-analysis-bad08278af65d859.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:31:58Z", + "published": "2025-01-24T05:31:58Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-sync (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-sync' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-sync" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "bad08278af65d859072402dbc935300d4c8d6036f2f214644533c0af1b8f7b8e", + "import_time": "2025-01-24T05:35:17.6933607Z", + "modified_time": "2025-01-24T05:31:58Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-tests/MAL-0000-ossf-package-analysis-115bad0fa70cde21.json b/osv/malicious/npm/lyft-tests/MAL-0000-ossf-package-analysis-115bad0fa70cde21.json new file mode 100644 index 000000000..953de5597 --- /dev/null +++ b/osv/malicious/npm/lyft-tests/MAL-0000-ossf-package-analysis-115bad0fa70cde21.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:31:32Z", + "published": "2025-01-24T05:31:32Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-tests (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-tests' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-tests" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "115bad0fa70cde21c6adc84e89cc502d81a28568a9b34867b1fcad432dc49050", + "import_time": "2025-01-24T05:35:17.262643194Z", + "modified_time": "2025-01-24T05:31:32Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-tools/MAL-0000-ossf-package-analysis-3b2c00234e034299.json b/osv/malicious/npm/lyft-tools/MAL-0000-ossf-package-analysis-3b2c00234e034299.json new file mode 100644 index 000000000..b41703f9c --- /dev/null +++ b/osv/malicious/npm/lyft-tools/MAL-0000-ossf-package-analysis-3b2c00234e034299.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:33:00Z", + "published": "2025-01-24T05:33:00Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-tools (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-tools' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-tools" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "3b2c00234e034299caca80e55a0e1850002d9a55938aa217a50b0a39620bfc14", + "import_time": "2025-01-24T05:35:18.220280854Z", + "modified_time": "2025-01-24T05:33:00Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-user/MAL-0000-ossf-package-analysis-a2f01e05b592462f.json b/osv/malicious/npm/lyft-user/MAL-0000-ossf-package-analysis-a2f01e05b592462f.json new file mode 100644 index 000000000..ce7fc7a9c --- /dev/null +++ b/osv/malicious/npm/lyft-user/MAL-0000-ossf-package-analysis-a2f01e05b592462f.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:32:13Z", + "published": "2025-01-24T05:32:13Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-user (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-user' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-user" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "a2f01e05b592462f5cd8959f49eb75aea1f7e08d9c9c2a1e817953e0c06e3c84", + "import_time": "2025-01-24T05:35:17.830336598Z", + "modified_time": "2025-01-24T05:32:13Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/lyft-utils/MAL-0000-ossf-package-analysis-dcdf3711c3a60bf5.json b/osv/malicious/npm/lyft-utils/MAL-0000-ossf-package-analysis-dcdf3711c3a60bf5.json new file mode 100644 index 000000000..33372b4a1 --- /dev/null +++ b/osv/malicious/npm/lyft-utils/MAL-0000-ossf-package-analysis-dcdf3711c3a60bf5.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:31:55Z", + "published": "2025-01-24T05:31:55Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in lyft-utils (npm)", + "details": "The OpenSSF Package Analysis project identified 'lyft-utils' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "lyft-utils" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "dcdf3711c3a60bf5a37d61a0b61ff485f47ea89580e09542881d51f6192ff73d", + "import_time": "2025-01-24T05:35:17.534607297Z", + "modified_time": "2025-01-24T05:31:55Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-analytics/MAL-0000-ossf-package-analysis-cb28bf7bab07e7d8.json b/osv/malicious/npm/meli-analytics/MAL-0000-ossf-package-analysis-cb28bf7bab07e7d8.json new file mode 100644 index 000000000..c6874a34a --- /dev/null +++ b/osv/malicious/npm/meli-analytics/MAL-0000-ossf-package-analysis-cb28bf7bab07e7d8.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:32:36Z", + "published": "2025-01-24T05:32:36Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-analytics (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-analytics' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-analytics" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "cb28bf7bab07e7d8ce966bd32c13cf1917b50adade7a33b66bb6e39c74710827", + "import_time": "2025-01-24T05:35:17.95042734Z", + "modified_time": "2025-01-24T05:32:36Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-api-client/MAL-0000-ossf-package-analysis-152f98442370419a.json b/osv/malicious/npm/meli-api-client/MAL-0000-ossf-package-analysis-152f98442370419a.json new file mode 100644 index 000000000..f51b9741c --- /dev/null +++ b/osv/malicious/npm/meli-api-client/MAL-0000-ossf-package-analysis-152f98442370419a.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:32:52Z", + "published": "2025-01-24T05:32:52Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-api-client (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-api-client' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-api-client" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "152f98442370419a0e0c3fb36c2e01d398741677238bd205877b136806a6922b", + "import_time": "2025-01-24T05:35:18.098926976Z", + "modified_time": "2025-01-24T05:32:52Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-api/MAL-0000-ossf-package-analysis-27016990cb829cd0.json b/osv/malicious/npm/meli-api/MAL-0000-ossf-package-analysis-27016990cb829cd0.json new file mode 100644 index 000000000..71965d026 --- /dev/null +++ b/osv/malicious/npm/meli-api/MAL-0000-ossf-package-analysis-27016990cb829cd0.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:33:18Z", + "published": "2025-01-24T05:33:18Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-api (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-api' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-api" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "27016990cb829cd062af401322eecdb598a33abe92ab20ee617101c4fc921003", + "import_time": "2025-01-24T05:35:18.421402791Z", + "modified_time": "2025-01-24T05:33:18Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-auth/MAL-0000-ossf-package-analysis-2fd228933bfbd22b.json b/osv/malicious/npm/meli-auth/MAL-0000-ossf-package-analysis-2fd228933bfbd22b.json new file mode 100644 index 000000000..6efecabd5 --- /dev/null +++ b/osv/malicious/npm/meli-auth/MAL-0000-ossf-package-analysis-2fd228933bfbd22b.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:31:41Z", + "published": "2025-01-24T05:31:41Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-auth (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-auth' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-auth" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "2fd228933bfbd22b6537f1ebb684b7d183ba26dc3647c4b9cffb7e5a089ecac1", + "import_time": "2025-01-24T05:35:17.392389914Z", + "modified_time": "2025-01-24T05:31:41Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-checkout/MAL-0000-ossf-package-analysis-ac505cb26eb829b7.json b/osv/malicious/npm/meli-checkout/MAL-0000-ossf-package-analysis-ac505cb26eb829b7.json new file mode 100644 index 000000000..d61fa2c1c --- /dev/null +++ b/osv/malicious/npm/meli-checkout/MAL-0000-ossf-package-analysis-ac505cb26eb829b7.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:30:58Z", + "published": "2025-01-24T05:30:58Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-checkout (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-checkout' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-checkout" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "ac505cb26eb829b7873ae3ef5920a2fe35d4627fc36c958e35a24d261e0bc7df", + "import_time": "2025-01-24T05:35:16.398510777Z", + "modified_time": "2025-01-24T05:30:58Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-cloud/MAL-0000-ossf-package-analysis-e2e755994fef555f.json b/osv/malicious/npm/meli-cloud/MAL-0000-ossf-package-analysis-e2e755994fef555f.json new file mode 100644 index 000000000..0acc1cef2 --- /dev/null +++ b/osv/malicious/npm/meli-cloud/MAL-0000-ossf-package-analysis-e2e755994fef555f.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:30:59Z", + "published": "2025-01-24T05:30:59Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-cloud (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-cloud' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-cloud" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "e2e755994fef555f630bf43ead9cc9c83f1927fd069d0c46c98253436d5e674c", + "import_time": "2025-01-24T05:35:16.529142852Z", + "modified_time": "2025-01-24T05:30:59Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-connect/MAL-0000-ossf-package-analysis-51bcf8ede43a6fd8.json b/osv/malicious/npm/meli-connect/MAL-0000-ossf-package-analysis-51bcf8ede43a6fd8.json new file mode 100644 index 000000000..3a7e5b99c --- /dev/null +++ b/osv/malicious/npm/meli-connect/MAL-0000-ossf-package-analysis-51bcf8ede43a6fd8.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:30:56Z", + "published": "2025-01-24T05:30:56Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-connect (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-connect' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-connect" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "51bcf8ede43a6fd8fa810529ae2d62e97197165ba94b7d41c8b58e3607d39551", + "import_time": "2025-01-24T05:35:16.124482504Z", + "modified_time": "2025-01-24T05:30:56Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-database/MAL-0000-ossf-package-analysis-d5195885ba4e45a4.json b/osv/malicious/npm/meli-database/MAL-0000-ossf-package-analysis-d5195885ba4e45a4.json new file mode 100644 index 000000000..35c693d1d --- /dev/null +++ b/osv/malicious/npm/meli-database/MAL-0000-ossf-package-analysis-d5195885ba4e45a4.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:30:55Z", + "published": "2025-01-24T05:30:55Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-database (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-database' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-database" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "d5195885ba4e45a4939618989105150398f9e588d277d263c7a519d7024ee369", + "import_time": "2025-01-24T05:35:15.773497354Z", + "modified_time": "2025-01-24T05:30:55Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-db/MAL-0000-ossf-package-analysis-10e8951862693cd7.json b/osv/malicious/npm/meli-db/MAL-0000-ossf-package-analysis-10e8951862693cd7.json new file mode 100644 index 000000000..520edca48 --- /dev/null +++ b/osv/malicious/npm/meli-db/MAL-0000-ossf-package-analysis-10e8951862693cd7.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:30:52Z", + "published": "2025-01-24T05:30:52Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-db (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-db' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-db" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "10e8951862693cd7f0abc511b5294f748fc5ebafd51d1e36a87114d2583d1221", + "import_time": "2025-01-24T05:35:15.635540208Z", + "modified_time": "2025-01-24T05:30:52Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-event/MAL-0000-ossf-package-analysis-52e53ccc9088219b.json b/osv/malicious/npm/meli-event/MAL-0000-ossf-package-analysis-52e53ccc9088219b.json new file mode 100644 index 000000000..b3b1aa275 --- /dev/null +++ b/osv/malicious/npm/meli-event/MAL-0000-ossf-package-analysis-52e53ccc9088219b.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:30:59Z", + "published": "2025-01-24T05:30:59Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-event (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-event' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-event" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "52e53ccc9088219b5062b6ceac1a6d716fc2700eb4110e523cf08592c472d78e", + "import_time": "2025-01-24T05:35:16.692630375Z", + "modified_time": "2025-01-24T05:30:59Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-gateway/MAL-0000-ossf-package-analysis-9249d44462b60e1b.json b/osv/malicious/npm/meli-gateway/MAL-0000-ossf-package-analysis-9249d44462b60e1b.json new file mode 100644 index 000000000..825ce6201 --- /dev/null +++ b/osv/malicious/npm/meli-gateway/MAL-0000-ossf-package-analysis-9249d44462b60e1b.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:30:49Z", + "published": "2025-01-24T05:30:49Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-gateway (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-gateway' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-gateway" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "9249d44462b60e1bb8316d13cd455eaa9e98c79213089c77eafe6020eb1507f4", + "import_time": "2025-01-24T05:35:15.445484123Z", + "modified_time": "2025-01-24T05:30:49Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-internal/MAL-0000-ossf-package-analysis-95f626385442495f.json b/osv/malicious/npm/meli-internal/MAL-0000-ossf-package-analysis-95f626385442495f.json new file mode 100644 index 000000000..67847498d --- /dev/null +++ b/osv/malicious/npm/meli-internal/MAL-0000-ossf-package-analysis-95f626385442495f.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:30:55Z", + "published": "2025-01-24T05:30:55Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-internal (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-internal' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-internal" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "95f626385442495ffbfeb51de2392e389f8b69da723a133025f2ce302f513b4f", + "import_time": "2025-01-24T05:35:15.93001004Z", + "modified_time": "2025-01-24T05:30:55Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-jira/MAL-0000-ossf-package-analysis-a520cbe50d853584.json b/osv/malicious/npm/meli-jira/MAL-0000-ossf-package-analysis-a520cbe50d853584.json new file mode 100644 index 000000000..cabaa02e3 --- /dev/null +++ b/osv/malicious/npm/meli-jira/MAL-0000-ossf-package-analysis-a520cbe50d853584.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:31:02Z", + "published": "2025-01-24T05:31:02Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-jira (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-jira' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-jira" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "a520cbe50d8535849ba1e07a7b87c326e1b5d72851d82b62dc215ebd3634646a", + "import_time": "2025-01-24T05:35:16.821693778Z", + "modified_time": "2025-01-24T05:31:02Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-logger/MAL-0000-ossf-package-analysis-323ab06bc2e65542.json b/osv/malicious/npm/meli-logger/MAL-0000-ossf-package-analysis-323ab06bc2e65542.json new file mode 100644 index 000000000..0f7e48b0c --- /dev/null +++ b/osv/malicious/npm/meli-logger/MAL-0000-ossf-package-analysis-323ab06bc2e65542.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:30:57Z", + "published": "2025-01-24T05:30:57Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-logger (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-logger' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-logger" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "323ab06bc2e65542017ab341bb31cbb5163ad6ed63cf9259878b1a7c2c9fc000", + "import_time": "2025-01-24T05:35:16.259620622Z", + "modified_time": "2025-01-24T05:30:57Z", + "versions": [ + "999.9.9" + ] + } + ] + } +} diff --git a/osv/malicious/npm/meli-model/MAL-0000-ossf-package-analysis-e9c43699ec251843.json b/osv/malicious/npm/meli-model/MAL-0000-ossf-package-analysis-e9c43699ec251843.json new file mode 100644 index 000000000..8ea78e6dd --- /dev/null +++ b/osv/malicious/npm/meli-model/MAL-0000-ossf-package-analysis-e9c43699ec251843.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-24T05:31:15Z", + "published": "2025-01-24T05:31:15Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in meli-model (npm)", + "details": "The OpenSSF Package Analysis project identified 'meli-model' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "meli-model" + }, + "versions": [ + "999.9.9" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "e9c43699ec25184387ef69493ea9408036e114da2e1501a93d9cc74e38df909a", + "import_time": "2025-01-24T05:35:17.063678512Z", + "modified_time": "2025-01-24T05:31:15Z", + "versions": [ + "999.9.9" + ] + } + ] + } +}