Lucene search
GoogleOSV:MAL-2024-4HistoryJan 01, 2024 - 6:57 p.m.
Malicious code in new-pro-anu (npm)
2024-01-0118:57:31
Google
osv.dev
13
malicious package
npm
domain communication
command execution
7.3 High
AI Score
Confidence
High
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (0b55891b547000b2110259388d7a21b3400ccd5815214318ed92c74acd78bf3c)
The OpenSSF Package Analysis project identified βnew-pro-anuβ @ 1.2.8 (npm) as malicious.
It is considered malicious because:
-
The package communicates with a domain associated with malicious activity.
-
The package executes one or more commands associated with malicious behavior.
| CPE | Name | Operator | Version |
|---|---|---|---|
| new-pro-anu | eq | 1.2.6 | |
| new-pro-anu | eq | 1.2.5 | |
| new-pro-anu | eq | 1.2.9 | |
| new-pro-anu | eq | 1.3.0 | |
| new-pro-anu | eq | 1.2.8 |
7.3 High
AI Score
Confidence
High