{"id":"MAL-2024-984","summary":"Malicious code in prism-commercial-ui (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (022a3875aaf0406fa69c720352856a350f48f0b350caf1e5bb66717663d7a078)\nThe OpenSSF Package Analysis project identified 'prism-commercial-ui' @ 100.100.100 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-02-10T19:04:36Z","published":"2024-02-09T05:55:39Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","sha256":"022a3875aaf0406fa69c720352856a350f48f0b350caf1e5bb66717663d7a078","modified_time":"2024-02-09T05:55:39Z","import_time":"2024-02-09T06:04:58.79079466Z","versions":["100.100.100"]},{"source":"ossf-package-analysis","sha256":"5caeb9a46735e7fa74b20e9646a9363fecfaa68245c478718eef4c283b628ecf","modified_time":"2024-02-09T06:30:51Z","import_time":"2024-02-09T06:33:13.024192297Z","versions":["100.100.103"]},{"source":"ossf-package-analysis","sha256":"e27564ccf1e18fbbbd80796d9bfc14a868804b4014ef968e9b344ef0ff1965e9","modified_time":"2024-02-09T06:10:44Z","import_time":"2024-02-09T06:33:12.931883239Z","versions":["100.100.102"]},{"source":"ossf-package-analysis","sha256":"29397e6aa78d5fa17b88a2a00ba30c7c7578f8c84db3089debb4fd14b9c0dc19","modified_time":"2024-02-10T15:46:44Z","import_time":"2024-02-10T16:05:03.533961352Z","versions":["100.100.109"]},{"source":"ossf-package-analysis","sha256":"70450cb60199cc965fb4fee18004891f020155923eacad89c52148363c0c7c5d","modified_time":"2024-02-10T16:02:13Z","import_time":"2024-02-10T16:05:03.607367493Z","versions":["100.100.114"]},{"source":"ossf-package-analysis","sha256":"840b2083681c8091779dd3cc52fafb773e26a1ab1f7f00d4804ea56c396d1cbc","modified_time":"2024-02-10T16:02:44Z","import_time":"2024-02-10T16:05:03.695067079Z","versions":["100.100.113"]},{"source":"ossf-package-analysis","sha256":"ba2713f3ab57d33d564a9a135a100c86283006c3f4fe48b89389194db31a03f0","modified_time":"2024-02-10T16:22:16Z","import_time":"2024-02-10T16:33:42.269864127Z","versions":["100.100.116"]},{"source":"ossf-package-analysis","sha256":"2f79a09c1c454df18e21caab4acebdd28f3658a020fb96bb67b4fcd908002c1a","modified_time":"2024-02-10T16:34:01Z","import_time":"2024-02-10T17:04:46.850915379Z","versions":["100.100.117"]},{"source":"ossf-package-analysis","sha256":"77f3eba44fe0476babc7b6b726e095d75838f6493eb0377ad67fb391157ce890","modified_time":"2024-02-10T16:54:58Z","import_time":"2024-02-10T17:04:46.930060028Z","versions":["100.100.118"]},{"source":"ossf-package-analysis","sha256":"83bac9ccab9e56b1dc992ea5c306fdffc7f0053d80f7aa46f5e761a78a44ebd4","modified_time":"2024-02-10T17:10:40Z","import_time":"2024-02-10T17:33:25.573564237Z","versions":["100.100.119"]},{"source":"ossf-package-analysis","sha256":"56819234e88488640a741291dc9458c02c8c923750487bf07809579727a460b3","modified_time":"2024-02-10T18:24:34Z","import_time":"2024-02-10T18:33:44.441535662Z","versions":["100.100.123"]},{"source":"ossf-package-analysis","sha256":"d6af70cdbf87a78819c966ed1af3a1805d0c6e613b2dcbcab59f500ba7c21525","modified_time":"2024-02-10T18:28:08Z","import_time":"2024-02-10T18:33:44.529019488Z","versions":["100.100.124"]},{"source":"ossf-package-analysis","sha256":"12e2136d417ea588a7cf7962aa8449f26be99d0b9400a69c3f051f214c2f2472","modified_time":"2024-02-10T18:53:02Z","import_time":"2024-02-10T19:04:15.422634002Z","versions":["100.100.120"]}]},"affected":[{"package":{"name":"prism-commercial-ui","ecosystem":"npm","purl":"pkg:npm/prism-commercial-ui"},"versions":["100.100.100","100.100.103","100.100.102","100.100.109","100.100.114","100.100.113","100.100.116","100.100.117","100.100.118","100.100.119","100.100.123","100.100.124","100.100.120"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/prism-commercial-ui/MAL-2024-984.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}