{"id":"MAL-2024-9038","summary":"Malicious code in @plentyofcode/header-bidding-adslot (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (af5eb7081dde9d70a0712995098c35c53b72258056714c3dbefd6a3d194d6ed3)\nThe OpenSSF Package Analysis project identified '@plentyofcode/header-bidding-adslot' @ 2.0.36 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-09-30T22:05:23Z","published":"2024-09-29T05:19:10Z","database_specific":{"malicious-packages-origins":[{"versions":["2.0.36"],"source":"ossf-package-analysis","import_time":"2024-09-29T05:34:57.847130006Z","sha256":"af5eb7081dde9d70a0712995098c35c53b72258056714c3dbefd6a3d194d6ed3","modified_time":"2024-09-29T05:19:10Z"},{"versions":["2.0.41"],"source":"ossf-package-analysis","import_time":"2024-09-30T21:05:10.560979578Z","sha256":"b19259c8098c01b02c49f17f5b182d16414a51406542a06e33e6489883e5aed4","modified_time":"2024-09-30T21:03:32Z"},{"versions":["2.0.42"],"source":"ossf-package-analysis","import_time":"2024-09-30T21:05:10.479261831Z","sha256":"bf90d92fa876f6cda041840b3e6477ae4c98e7943dbd777b3cd4f81f924bef7b","modified_time":"2024-09-30T21:00:47Z"},{"versions":["2.0.43"],"source":"ossf-package-analysis","import_time":"2024-09-30T21:34:19.499807533Z","sha256":"c9562a845119704eb3ecad053084c76ec507aa4611372e1a089256ed3b7b2439","modified_time":"2024-09-30T21:05:49Z"},{"versions":["2.0.45"],"source":"ossf-package-analysis","import_time":"2024-09-30T22:04:57.832605162Z","sha256":"6098b272a93a705bf145a6f5dc205af2b471ac0e3781d7017c07f9888f5ee49d","modified_time":"2024-09-30T21:35:55Z"}]},"affected":[{"package":{"name":"@plentyofcode/header-bidding-adslot","ecosystem":"npm","purl":"pkg:npm/%40plentyofcode/header-bidding-adslot"},"versions":["2.0.36","2.0.41","2.0.42","2.0.43","2.0.45"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@plentyofcode/header-bidding-adslot/MAL-2024-9038.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}