{"id":"MAL-2024-2005","summary":"Malicious code in commons-skin (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n","aliases":["SNYK-JS-COMMONSSKIN-6044707"],"modified":"2024-10-24T01:01:55Z","published":"2024-06-25T12:34:08Z","database_specific":{"malicious-packages-origins":[{"sha256":"8cd8af2ca46daf8d000dd6350c8182ca25439795abb1f8a04c4f1febf35e18f8","id":"RLMA-2024-00624","versions":["6.0.4","6.0.2","6.0.3","3.0.2"],"modified_time":"2024-06-25T12:34:08Z","source":"reversing-labs","import_time":"2024-06-28T02:42:27.973323615Z"},{"sha256":"342c6bcb38e54239a3188aa919532f676a119d80efd6e3e1d7d289ff5eff098e","id":"RLUA-2024-06337","modified_time":"2024-10-16T12:40:53Z","source":"reversing-labs","import_time":"2024-10-24T00:57:39.630274685Z"}]},"references":[{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-JS-COMMONSSKIN-6044707"},{"type":"ARTICLE","url":"https://blog.phylum.io/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell/"}],"affected":[{"package":{"name":"commons-skin","ecosystem":"npm","purl":"pkg:npm/commons-skin"},"versions":["6.0.4","6.0.2","6.0.3","3.0.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/commons-skin/MAL-2024-2005.json"}}],"schema_version":"1.7.3","credits":[{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}