{"id":"MAL-2024-8737","summary":"Malicious code in @maas-tools/module-federations (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (5e9c4333709afd9ae69fb0ff8f280d123046790364d12ab0a22192bd1339bfff)\nThe OpenSSF Package Analysis project identified '@maas-tools/module-federations' @ 3.0.11 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-09-05T00:20:18Z","published":"2024-09-04T20:26:07Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","sha256":"5e9c4333709afd9ae69fb0ff8f280d123046790364d12ab0a22192bd1339bfff","modified_time":"2024-09-04T20:50:57Z","versions":["3.0.11"],"import_time":"2024-09-05T00:19:47.427239437Z"},{"source":"ossf-package-analysis","sha256":"6a021b42e94eb589cab4792dc93ea3e2bf002327433623446f50003705c6a25a","modified_time":"2024-09-04T20:45:51Z","versions":["3.0.10"],"import_time":"2024-09-05T00:19:47.28659435Z"},{"source":"ossf-package-analysis","sha256":"ad1a8083047c89d5425f3c312d7015e6b7b16a5b6eb53f2b5d0a0a55e399dc68","modified_time":"2024-09-04T21:20:46Z","versions":["3.0.15"],"import_time":"2024-09-05T00:19:47.655199841Z"},{"source":"ossf-package-analysis","sha256":"be5c88d09bbfe7efe62f0949ae756a3906cb26ba27d39b4d64a8606c27a9dbf0","modified_time":"2024-09-04T21:05:57Z","versions":["3.0.13"],"import_time":"2024-09-05T00:19:47.53529004Z"},{"source":"ossf-package-analysis","sha256":"c492c6b9486e5a6915d5abe706bf85ce4fb2fefdcb8035eb4283d83fbb37d495","modified_time":"2024-09-04T20:26:07Z","versions":["3.0.7"],"import_time":"2024-09-05T00:19:47.089991072Z"},{"source":"ossf-package-analysis","sha256":"ee1fae36129a7ded414a8c686dddd1a6770fd9f3cc00f290aec8fa9fba169dea","modified_time":"2024-09-04T21:30:49Z","versions":["3.0.16"],"import_time":"2024-09-05T00:19:47.764164796Z"},{"source":"ossf-package-analysis","sha256":"f2abe2eaba3ac7714ecb199824cf941389cbb416c0a6abb0c6fa617a490e59f6","modified_time":"2024-09-04T20:32:35Z","versions":["3.0.8"],"import_time":"2024-09-05T00:19:47.177398154Z"}]},"affected":[{"package":{"name":"@maas-tools/module-federations","ecosystem":"npm","purl":"pkg:npm/%40maas-tools/module-federations"},"versions":["3.0.11","3.0.10","3.0.15","3.0.13","3.0.7","3.0.16","3.0.8"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@maas-tools/module-federations/MAL-2024-8737.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}