{"id":"MAL-2024-1000","summary":"Malicious code in custom-solutions (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (72a2a270586bc778c1c8a52b2a28ad657e33370ff5e8df12cc812823127d9a1f)\nThe OpenSSF Package Analysis project identified 'custom-solutions' @ 20.8.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-02-14T20:34:12Z","published":"2024-02-14T20:04:45Z","database_specific":{"malicious-packages-origins":[{"versions":["20.8.9"],"source":"ossf-package-analysis","sha256":"72a2a270586bc778c1c8a52b2a28ad657e33370ff5e8df12cc812823127d9a1f","modified_time":"2024-02-14T20:04:45Z","import_time":"2024-02-14T20:04:47.078957827Z"},{"versions":["20.9.1"],"source":"ossf-package-analysis","sha256":"35befa992810b9a3963ad70f931bb66344aa2aa9e045e38ddd4deecc52ada629","modified_time":"2024-02-14T20:21:17Z","import_time":"2024-02-14T20:33:55.039619732Z"},{"versions":["20.8.8"],"source":"ossf-package-analysis","sha256":"f379fedef3bf8a2ee05c0d8ec7cd411f103b4d89d92b38fff591c9b8135dd863","modified_time":"2024-02-14T20:09:32Z","import_time":"2024-02-14T20:33:54.806510075Z"}]},"affected":[{"package":{"name":"custom-solutions","ecosystem":"npm","purl":"pkg:npm/custom-solutions"},"versions":["20.8.9","20.9.1","20.8.8"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/custom-solutions/MAL-2024-1000.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}