{"id":"MAL-2024-10309","summary":"Malicious code in rentez-docs (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (d38f5182bdac1a9d1dc8a7edd04bf4887e39416ac443361fbe2b4de7341c0360)\nThe OpenSSF Package Analysis project identified 'rentez-docs' @ 6.6.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-11-02T18:06:27Z","published":"2024-11-02T17:30:42Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2024-11-02T17:30:42Z","import_time":"2024-11-02T17:34:13.514714352Z","versions":["6.6.6"],"sha256":"d38f5182bdac1a9d1dc8a7edd04bf4887e39416ac443361fbe2b4de7341c0360","source":"ossf-package-analysis"},{"modified_time":"2024-11-02T17:42:45Z","import_time":"2024-11-02T18:05:58.33778979Z","versions":["6.6.7"],"sha256":"4706c1b96ab737ef821954b3ca9e3a784fb14c28a6531f77d889b83f184fb9e4","source":"ossf-package-analysis"},{"modified_time":"2024-11-02T17:46:26Z","import_time":"2024-11-02T18:05:58.459465682Z","versions":["8.0.0"],"sha256":"4d35fa2c014d1e507380be6dba88c396c5da1b4ecb471cdd839106c5c787c509","source":"ossf-package-analysis"},{"modified_time":"2024-11-02T17:48:53Z","import_time":"2024-11-02T18:05:58.535901885Z","versions":["9.0.0"],"sha256":"891de119b42153e2c7cbf7afb7aa8d662085ffa555dbf9160377755d03fff716","source":"ossf-package-analysis"},{"modified_time":"2024-11-02T17:44:15Z","import_time":"2024-11-02T18:05:58.406433106Z","versions":["7.0.0"],"sha256":"98df5e041c9957304b5cdc6d55aa05b2cbce2d9bc77ab66e47926c83f33b08e2","source":"ossf-package-analysis"}]},"affected":[{"package":{"name":"rentez-docs","ecosystem":"npm","purl":"pkg:npm/rentez-docs"},"versions":["6.6.6","6.6.7","8.0.0","9.0.0","7.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rentez-docs/MAL-2024-10309.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}