{"id":"MAL-2024-9212","summary":"Malicious code in @copilot-web-widgets/common-core-sdk (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (148c6b43da3f4ec787aa611cf721a390eab6918627604a9405d817955e2c472b)\nThe OpenSSF Package Analysis project identified '@copilot-web-widgets/common-core-sdk' @ 1.11.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-10-15T00:21:39Z","published":"2024-10-10T19:10:44Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2024-10-10T19:30:42Z","import_time":"2024-10-10T19:34:07.697557577Z","versions":["1.11.0"],"source":"ossf-package-analysis","sha256":"148c6b43da3f4ec787aa611cf721a390eab6918627604a9405d817955e2c472b"},{"modified_time":"2024-10-10T19:26:01Z","import_time":"2024-10-10T19:34:07.373752191Z","versions":["1.9.0"],"source":"ossf-package-analysis","sha256":"81653dc6a94d3adb06c07aaf51b83989a9b6ae1db16cd0fe87413127a34caa96"},{"modified_time":"2024-10-10T19:15:51Z","import_time":"2024-10-10T19:34:07.224791217Z","versions":["1.6.0"],"source":"ossf-package-analysis","sha256":"be08d5a3382b1889f180635b68473897791ec9aeb242282c49f10f62d9f3b103"},{"modified_time":"2024-10-10T19:29:24Z","import_time":"2024-10-10T19:34:07.528246351Z","versions":["1.10.0"],"source":"ossf-package-analysis","sha256":"edd12a76954bdf4d384fcbac03c028e7c9015ab86c3ef401a42d0cfc49fd6b32"},{"modified_time":"2024-10-10T19:10:44Z","import_time":"2024-10-11T04:06:21.050231712Z","versions":["1.3.0"],"source":"ossf-package-analysis","sha256":"678e7b3f59c0c1d82a5af9599521720ef44381310b3d7707a976bc93766604a6"},{"modified_time":"2024-10-10T22:24:25Z","import_time":"2024-10-11T04:06:21.494402401Z","versions":["1.20.0"],"source":"ossf-package-analysis","sha256":"6d138092302b52c43f1bd5800431fbcdf3d5e6514b1647a62e0c82608b788452"},{"modified_time":"2024-10-11T19:03:41Z","import_time":"2024-10-15T00:21:15.650790412Z","versions":["2.100.0"],"source":"ossf-package-analysis","sha256":"31e26f17afbdfc84085afef35b1649df402571934631aa1bea20c1beca68029f"}]},"affected":[{"package":{"name":"@copilot-web-widgets/common-core-sdk","ecosystem":"npm","purl":"pkg:npm/%40copilot-web-widgets/common-core-sdk"},"versions":["1.11.0","1.9.0","1.6.0","1.10.0","1.3.0","1.20.0","2.100.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@copilot-web-widgets/common-core-sdk/MAL-2024-9212.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}