{"id":"MAL-2023-1494","summary":"Malicious code in kasms (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (14c5473ed9f03eb3f97abf8cfe3a81e0296f61439e1a450546557140a154e714)\nThe OpenSSF Package Analysis project identified 'kasms' @ 1.0.207 (npm) as malicious.\n\nIt is considered malicious because:\n- The package communicates with a domain associated with malicious activity.\n","modified":"2023-08-21T11:10:13Z","published":"2023-08-19T18:41:02Z","database_specific":{"malicious-packages-origins":[{"sha256":"131c788f3205c3edd21ef16ff995bfc06bec47f015b0f82c0d40ab59d4ea1bae","modified_time":"2023-08-19T18:50:29.598184884Z","import_time":"2023-08-19T19:04:45.576316063Z","source":"ossf-package-analysis","versions":["1.0.3"]},{"sha256":"31c22f43d1e8391f7275673bb0e41d4afbdfe7d894f74eea0024c25b0f5238fc","modified_time":"2023-08-19T18:58:59.189791429Z","import_time":"2023-08-19T19:04:45.635944725Z","source":"ossf-package-analysis","versions":["1.0.4"]},{"sha256":"d88d5f5d53caa1e49f250929ab3feea5f42a21a6440af2e195a847735645e754","modified_time":"2023-08-19T18:41:02.545625709Z","import_time":"2023-08-19T19:04:45.520499376Z","source":"ossf-package-analysis","versions":["1.0.1"]},{"sha256":"b448e540ec0f3ecb0886215dab16f6a73fde4348b15f0be952193722809a4d17","modified_time":"2023-08-19T19:24:56.308977225Z","import_time":"2023-08-19T19:34:13.644568021Z","source":"ossf-package-analysis","versions":["1.0.6"]},{"sha256":"d3efb245f03a2c201a452406e8c856d106b2cabdd31be66100d7c726e7180c41","modified_time":"2023-08-19T19:08:12.24161074Z","import_time":"2023-08-19T19:34:13.553948503Z","source":"ossf-package-analysis","versions":["1.0.5"]},{"sha256":"6251c33fa62176e9692affd18504c25ec433727f42536c951c272d7a0c84a09e","modified_time":"2023-08-20T10:53:49.083523102Z","import_time":"2023-08-20T11:04:49.710159886Z","source":"ossf-package-analysis","versions":["1.0.8"]},{"sha256":"14c5473ed9f03eb3f97abf8cfe3a81e0296f61439e1a450546557140a154e714","modified_time":"2023-08-21T10:37:01.909186583Z","import_time":"2023-08-21T11:05:15.72292797Z","source":"ossf-package-analysis","versions":["1.0.207"]},{"sha256":"8b9c42341f1a7e999c04ce35b97065c53e0b1b0ca810ac5d7ec907a02599b73c","modified_time":"2023-08-21T10:35:16.996222192Z","import_time":"2023-08-21T11:05:15.663213312Z","source":"ossf-package-analysis","versions":["1.0.191"]}]},"affected":[{"package":{"name":"kasms","ecosystem":"npm","purl":"pkg:npm/kasms"},"versions":["1.0.3","1.0.4","1.0.1","1.0.6","1.0.5","1.0.8","1.0.207","1.0.191"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/kasms/MAL-2023-1494.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}