{"id":"MAL-2023-8486","summary":"Malicious code in @zscaler/ec-domain (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (31bceaac08bb6d621ea722590b8ba815799a6af81cc537fa0796ea7983b0f1d2)\nThe OpenSSF Package Analysis project identified '@zscaler/ec-domain' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2023-11-09T01:50:47Z","published":"2023-11-09T00:49:23Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","sha256":"31bceaac08bb6d621ea722590b8ba815799a6af81cc537fa0796ea7983b0f1d2","modified_time":"2023-11-09T01:04:23Z","versions":["1.0.1"],"import_time":"2023-11-09T01:27:49.828460724Z"},{"source":"ossf-package-analysis","sha256":"6d4f2582cdad4c21f7775bc8a29e6aec0aa7bbb45232de4efc038e8528f1db3e","modified_time":"2023-11-09T00:49:23Z","versions":["1.0.0"],"import_time":"2023-11-09T01:27:49.755742255Z"},{"source":"ossf-package-analysis","sha256":"9de339464191516a7ae43a2d5ce0ff211ae9bc147afeedb0591fd09b0f35b23f","modified_time":"2023-11-09T01:05:48Z","versions":["1.0.3"],"import_time":"2023-11-09T01:27:49.942682616Z"},{"source":"ossf-package-analysis","sha256":"c44946dcaa5bd76e659912ae9cbe51808166c9cef890471ea715634cb40de32d","modified_time":"2023-11-09T01:45:09Z","versions":["5.0.0"],"import_time":"2023-11-09T01:50:32.540706723Z"}]},"affected":[{"package":{"name":"@zscaler/ec-domain","ecosystem":"npm","purl":"pkg:npm/%40zscaler/ec-domain"},"versions":["1.0.1","1.0.0","1.0.3","5.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@zscaler/ec-domain/MAL-2023-8486.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}