Lucene search

K

GoogleOSV:MAL-2023-8026

HistoryAug 21, 2023 - 12:00 a.m.

Malicious code in docs-public-api (npm)

2023-08-2100:00:00

Google

osv.dev

5

malicious code

docs-public-api

npm

packages

campaign

developers

source code

secrets

AI Score

7.4

Confidence

Low

-= Per source details. Do not edit below this line.=-

Source: checkmarx (ef1db73ad9c5c4da2dd3bded796ac7c4f660ab81ff6fd5cd77f0452265d05d6f)

Malicious packages campaign since 2021 targeting developers, steals source code and secrets

References

medium.com/checkmarx-security/an-ongoing-open-source-attack-reveals-roots-dating-back-to-2021-4a511979fd98

security.snyk.io/vuln/SNYK-JS-DOCSPUBLICAPI-5876602

AI Score

7.4

Confidence

Low