{"id":"MAL-2025-6896","summary":"Malicious code in com.db.spain.common.fif.ngx-fusion-ufe (npm)","details":"The package communicates with a domain associated with malicious activity.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (30f0038c395e91d1add11ecd9f7f4784ac0fdf7c472e6ca9003c3d69ae35e031)\nThe OpenSSF Package Analysis project identified 'com.db.spain.common.fif.ngx-fusion-ufe' @ 2.2.8 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2025-08-22T11:35:09Z","published":"2025-08-18T02:47:11Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-08-18T02:55:43Z","import_time":"2025-08-18T03:34:43.247017676Z","sha256":"30f0038c395e91d1add11ecd9f7f4784ac0fdf7c472e6ca9003c3d69ae35e031","source":"ossf-package-analysis","versions":["2.2.8"]},{"modified_time":"2025-08-22T11:25:45Z","import_time":"2025-08-22T11:34:33.120839831Z","sha256":"25be59394b178978a9e2e6bcde550023e0b20d464b555a2e5b67a9c85699665b","source":"ossf-package-analysis","versions":["2.2.9"]}]},"affected":[{"package":{"name":"com.db.spain.common.fif.ngx-fusion-ufe","ecosystem":"npm","purl":"pkg:npm/com.db.spain.common.fif.ngx-fusion-ufe"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.2.7"}]}],"versions":["2.2.8","2.2.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/com.db.spain.common.fif.ngx-fusion-ufe/MAL-2025-6896.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}