Lucene search
GoogleOSV:MAL-2024-1666HistoryJun 25, 2024 - 6:36 p.m.
Malicious code in internal-udfc-pkg (npm)
2024-06-2518:36:00
Google
osv.dev
1
malicious code
internal-udfc-pkg
npm
version 5.5.5
domain communication
7.3 High
AI Score
Confidence
High
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (25708e4f5f0536339a12c9bf28e659c821359f2733ff51d193cd6d74443c3650)
The OpenSSF Package Analysis project identified βinternal-udfc-pkgβ @ 5.5.5 (npm) as malicious.
It is considered malicious because:
-
The package communicates with a domain associated with malicious activity.
-
The package executes one or more commands associated with malicious behavior.
| CPE | Name | Operator | Version |
|---|---|---|---|
| internal-udfc-pkg | eq | 5.5.5 | |
| internal-udfc-pkg | eq | 5.5.6 | |
| internal-udfc-pkg | eq | 5.5.7 | |
| internal-udfc-pkg | eq | 5.5.8 | |
| internal-udfc-pkg | eq | 5.5.9 |
7.3 High
AI Score
Confidence
High