{"id":"MAL-2023-8256","summary":"Malicious code in zenfi-sdk (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (9a75914f8d0929ed48294224224fab435793f654258889e4435c268b34d2ac4c)\nThe OpenSSF Package Analysis project identified 'zenfi-sdk' @ 1.5.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2023-09-29T10:05:57Z","published":"2023-09-27T14:00:47Z","database_specific":{"malicious-packages-origins":[{"import_time":"2023-09-27T14:05:21.436579812Z","versions":["1.5.2"],"modified_time":"2023-09-27T14:00:47Z","sha256":"9a75914f8d0929ed48294224224fab435793f654258889e4435c268b34d2ac4c","source":"ossf-package-analysis"},{"import_time":"2023-09-27T14:34:37.687937694Z","versions":["1.5.5"],"modified_time":"2023-09-27T14:22:07Z","sha256":"121bcc28f5a92a43e487a59be608e966374c729dcbe9ffed02594b32e6c69671","source":"ossf-package-analysis"},{"import_time":"2023-09-27T14:34:37.824618248Z","versions":["1.5.7"],"modified_time":"2023-09-27T14:26:19Z","sha256":"4254fb00fbeb19194258d9118ac72b4116a72a781f6c57ecb4d4b6bec555a2cf","source":"ossf-package-analysis"},{"import_time":"2023-09-29T10:05:34.556252552Z","versions":["1.5.3"],"modified_time":"2023-09-27T14:05:44Z","sha256":"c51b5327051759b4bf0f52d1e5162ac672633140f4e06184022ded34d15e78eb","source":"ossf-package-analysis"}]},"affected":[{"package":{"name":"zenfi-sdk","ecosystem":"npm","purl":"pkg:npm/zenfi-sdk"},"versions":["1.5.2","1.5.5","1.5.7","1.5.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/zenfi-sdk/MAL-2023-8256.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}