{"id":"MAL-2023-1436","summary":"Malicious code in puppet-module-posix-system-r3.2 (RubyGems)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (835ce606cd37fa823a80a445ab30dce0ec0005af3a78f9ed7a8d35d63db99474)\nThe OpenSSF Package Analysis project identified 'puppet-module-posix-system-r3.2' @ 1.0.0 (rubygems) as malicious.\n\nIt is considered malicious because:\n- The package communicates with a domain associated with malicious activity.\n","modified":"2023-08-10T15:30:28Z","published":"2023-08-10T15:30:28Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","import_time":"2023-08-10T15:34:14.773936904Z","sha256":"835ce606cd37fa823a80a445ab30dce0ec0005af3a78f9ed7a8d35d63db99474","modified_time":"2023-08-10T15:30:28.423349101Z","versions":["1.0.0"]}]},"affected":[{"package":{"name":"puppet-module-posix-system-r3.2","ecosystem":"RubyGems","purl":"pkg:gem/puppet-module-posix-system-r3.2"},"versions":["1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/puppet-module-posix-system-r3.2/MAL-2023-1436.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}