{"id":"MAL-2023-1490","summary":"Malicious code in bugsnotfound (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (3980d08da6629463ad50e50b6a94591add7f48be24c1256a14e6d3e56fe69f55)\nThe OpenSSF Package Analysis project identified 'bugsnotfound' @ 1.1.2 (npm) as malicious.\n\nIt is considered malicious because:\n- The package communicates with a domain associated with malicious activity.\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2023-08-19T18:10:59Z","published":"2023-08-19T17:39:56Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2023-08-19T17:39:56.067983008Z","sha256":"3980d08da6629463ad50e50b6a94591add7f48be24c1256a14e6d3e56fe69f55","import_time":"2023-08-19T18:05:44.376774203Z","versions":["1.1.2"],"source":"ossf-package-analysis"},{"modified_time":"2023-08-19T17:44:46.129222366Z","sha256":"79716984a65383f264804842207d17d33d181a0c9e0f048a5e9bfe9ea66a8e3a","import_time":"2023-08-19T18:05:44.519553013Z","versions":["1.1.7"],"source":"ossf-package-analysis"},{"modified_time":"2023-08-19T17:59:57.325382787Z","sha256":"b747adce8415f51908a4b99af0129343ddd79f84bc2c7ea530600cc3872c78dc","import_time":"2023-08-19T18:05:44.826700733Z","versions":["1.0.5"],"source":"ossf-package-analysis"},{"modified_time":"2023-08-19T17:51:40.026241232Z","sha256":"cffe27e14db95155049fc1eed72c99966fde272c3bee6b04b6d0816435dc5fe4","import_time":"2023-08-19T18:05:44.666826323Z","versions":["2.1.2"],"source":"ossf-package-analysis"},{"modified_time":"2023-08-19T18:02:31.320021753Z","sha256":"d4dc749ae088f3e893ab98169eb3fc9a8c9da4a75ecd6b374864193b0b84b3bd","import_time":"2023-08-19T18:05:44.981443143Z","versions":["1.0.3"],"source":"ossf-package-analysis"}]},"affected":[{"package":{"name":"bugsnotfound","ecosystem":"npm","purl":"pkg:npm/bugsnotfound"},"versions":["1.1.2","1.1.7","1.0.5","2.1.2","1.0.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/bugsnotfound/MAL-2023-1490.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}