From 484c155af59459ddc95c8261c7908543cfdf26e3 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Mon, 6 Jan 2025 09:35:23 +0000
Subject: [PATCH 01/32] Ingest OSV - Cloud Storage
---
 config/start-keys.yaml | 2 +-
 ...ssf-package-analysis-12143d1c19f40355.json | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 osv/malicious/npm/nativescript-gainsight-px2/MAL-0000-ossf-package-analysis-12143d1c19f40355.json
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
index cdb1821d24..5ac65d900e 100644
--- a/config/start-keys.yaml
+++ b/config/start-keys.yaml
@@ -1,5 +1,5 @@
 ossf-package-analysis:
- confident/: confident/20241226/035053-npm-aws-iot-samples-util-1.0.0.json
+ confident/: confident/20241226/073044-npm-nativescript-gainsight-px-1.0.0.json
 reversing-labs:
 RLMA-: RLMA-2024-11212.json
 RLUA-: RLUA-2024-11114.json
diff --git a/osv/malicious/npm/nativescript-gainsight-px2/MAL-0000-ossf-package-analysis-12143d1c19f40355.json b/osv/malicious/npm/nativescript-gainsight-px2/MAL-0000-ossf-package-analysis-12143d1c19f40355.json
new file mode 100644
index 0000000000..0c30fa4b10
--- /dev/null
+++ b/osv/malicious/npm/nativescript-gainsight-px2/MAL-0000-ossf-package-analysis-12143d1c19f40355.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2025-01-06T09:10:58Z",
+ "published": "2025-01-06T09:10:58Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in nativescript-gainsight-px2 (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'nativescript-gainsight-px2' @ 1.11.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "nativescript-gainsight-px2"
+ },
+ "versions": [
+ "1.11.3"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "12143d1c19f403559d49925266742f6b2ca75a3fda8ed195a4e0189bf64dce70",
+ "import_time": "2025-01-06T09:35:18.852482758Z",
+ "modified_time": "2025-01-06T09:10:58Z",
+ "versions": [
+ "1.11.3"
+ ]
+ }
+ ]
+ }
+}
From 1399ad29d95eb8b7172b5a7fe21731c6686358f1 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Mon, 6 Jan 2025 09:36:00 +0000
Subject: [PATCH 02/32] Assign IDs
---
 osv/malicious/.id-allocator | 2 +-
 ...ge-analysis-12143d1c19f40355.json => MAL-2025-19.json} | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename osv/malicious/npm/nativescript-gainsight-px2/{MAL-0000-ossf-package-analysis-12143d1c19f40355.json => MAL-2025-19.json} (65%)
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator
index a72e14c258..d11c855611 100644
--- a/osv/malicious/.id-allocator
+++ b/osv/malicious/.id-allocator
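Review bot: `"id": ""` is committed as an empty string on the fifth line of the new record, so at this commit the file is an OSV entry with no usable identifier and it stays that way until the following "Assign IDs" commit renames it. The pipeline appears to depend on that second step always running; a check that fails when any `MAL-0000-*` file with an empty `id` remains after the ID step would surface a stuck allocator instead of leaving an unkeyed record in the tree. The same shape recurs in every "Ingest OSV" hunk in this series (the MAL-0000 files for hd-base, tree-sitter-strings, @vf-org/smapi-js-core, zetessf and electron-builder-13).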
@@ -1 +1 @@
-3a813cddb668a8215fc89c57aaca200c31398154100b29d17d202d1b9c8fa888
\ No newline at end of file
+8d0e88e9f80d661cf8078d04a32f28e8f6880944d8b3b65ee4d95bfd8f8daf60
\ No newline at end of file
diff --git a/osv/malicious/npm/nativescript-gainsight-px2/MAL-0000-ossf-package-analysis-12143d1c19f40355.json b/osv/malicious/npm/nativescript-gainsight-px2/MAL-2025-19.json
similarity index 65%
rename from osv/malicious/npm/nativescript-gainsight-px2/MAL-0000-ossf-package-analysis-12143d1c19f40355.json
rename to osv/malicious/npm/nativescript-gainsight-px2/MAL-2025-19.json
index 0c30fa4b10..ee27c547aa 100644
--- a/osv/malicious/npm/nativescript-gainsight-px2/MAL-0000-ossf-package-analysis-12143d1c19f40355.json
+++ b/osv/malicious/npm/nativescript-gainsight-px2/MAL-2025-19.json
@@ -2,9 +2,9 @@
 "modified": "2025-01-06T09:10:58Z",
 "published": "2025-01-06T09:10:58Z",
 "schema_version": "1.5.0",
- "id": "",
+ "id": "MAL-2025-19",
 "summary": "Malicious code in nativescript-gainsight-px2 (npm)",
- "details": "The OpenSSF Package Analysis project identified 'nativescript-gainsight-px2' @ 1.11.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (12143d1c19f403559d49925266742f6b2ca75a3fda8ed195a4e0189bf64dce70)\nThe OpenSSF Package Analysis project identified 'nativescript-gainsight-px2' @ 1.11.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
 "affected": [
 {
 "package": {
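Review bot: `"modified": "2025-01-06T09:10:58Z"` on the first context line of the MAL-2025-19 hunk is left untouched while the hunk changes `id` and `details`, so a consumer that syncs incrementally on the OSV `modified` field will not see the ID assignment or the rewritten details as an update. If `modified` is meant to mirror the source's `modified_time` rather than the record's last edit, that is worth stating in the repository's documentation; otherwise the Assign IDs step should also set `"modified"` to the time of the assignment. The other Assign IDs hunks in this series (MAL-2025-20 through MAL-2025-24) have the same pattern.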
@@ -29,10 +29,10 @@
 "database_specific": {
 "malicious-packages-origins": [
 {
- "source": "ossf-package-analysis",
- "sha256": "12143d1c19f403559d49925266742f6b2ca75a3fda8ed195a4e0189bf64dce70",
 "import_time": "2025-01-06T09:35:18.852482758Z",
 "modified_time": "2025-01-06T09:10:58Z",
+ "sha256": "12143d1c19f403559d49925266742f6b2ca75a3fda8ed195a4e0189bf64dce70",
+ "source": "ossf-package-analysis",
 "versions": [
 "1.11.3"
 ]
From b336ccc3c80f538ec4d05a760cda64beb3867f7d Mon Sep 17 00:00:00 2001
From: github-actions
Date: Mon, 6 Jan 2025 10:06:20 +0000
Subject: [PATCH 03/32] Ingest OSV - Cloud Storage
---
 config/start-keys.yaml | 2 +-
 ...ssf-package-analysis-f6980bf596e4c3ff.json | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 osv/malicious/npm/hd-base/MAL-0000-ossf-package-analysis-f6980bf596e4c3ff.json
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
index 5ac65d900e..d8c44a7809 100644
--- a/config/start-keys.yaml
+++ b/config/start-keys.yaml
@@ -1,5 +1,5 @@
 ossf-package-analysis:
- confident/: confident/20241226/073044-npm-nativescript-gainsight-px-1.0.0.json
+ confident/: confident/20241226/074043-npm-nativescript-gainsight-px-1.11.1.json
 reversing-labs:
 RLMA-: RLMA-2024-11212.json
 RLUA-: RLUA-2024-11114.json
diff --git a/osv/malicious/npm/hd-base/MAL-0000-ossf-package-analysis-f6980bf596e4c3ff.json b/osv/malicious/npm/hd-base/MAL-0000-ossf-package-analysis-f6980bf596e4c3ff.json
new file mode 100644
index 0000000000..f045dd6734
--- /dev/null
+++ b/osv/malicious/npm/hd-base/MAL-0000-ossf-package-analysis-f6980bf596e4c3ff.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2025-01-06T09:42:07Z",
+ "published": "2025-01-06T09:42:07Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in hd-base (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'hd-base' @ 99.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "hd-base"
+ },
+ "versions": [
+ "99.0.2"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "f6980bf596e4c3ffe8165b1ba8ef8d26bbadf784e90336c7620dc22131f23e58",
+ "import_time": "2025-01-06T10:06:17.642423864Z",
+ "modified_time": "2025-01-06T09:42:07Z",
+ "versions": [
+ "99.0.2"
+ ]
+ }
+ ]
+ }
+}
From b6db02b74f94dfdb018d80c300aef9fb2c21e1b8 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Mon, 6 Jan 2025 10:07:04 +0000
Subject: [PATCH 04/32] Assign IDs
---
 osv/malicious/.id-allocator | 2 +-
 ...ge-analysis-f6980bf596e4c3ff.json => MAL-2025-20.json} | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename osv/malicious/npm/hd-base/{MAL-0000-ossf-package-analysis-f6980bf596e4c3ff.json => MAL-2025-20.json} (69%)
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator
index d11c855611..f01fade58e 100644
--- a/osv/malicious/.id-allocator
+++ b/osv/malicious/.id-allocator
@@ -1 +1 @@
-8d0e88e9f80d661cf8078d04a32f28e8f6880944d8b3b65ee4d95bfd8f8daf60
\ No newline at end of file
+7ae3684e58511847ae20d3e0f99adce337f6edb32ee257290a734c3b04545cbb
\ No newline at end of file
diff --git a/osv/malicious/npm/hd-base/MAL-0000-ossf-package-analysis-f6980bf596e4c3ff.json b/osv/malicious/npm/hd-base/MAL-2025-20.json
similarity index 69%
rename from osv/malicious/npm/hd-base/MAL-0000-ossf-package-analysis-f6980bf596e4c3ff.json
rename to osv/malicious/npm/hd-base/MAL-2025-20.json
index f045dd6734..6a852c2dad 100644
--- a/osv/malicious/npm/hd-base/MAL-0000-ossf-package-analysis-f6980bf596e4c3ff.json
+++ b/osv/malicious/npm/hd-base/MAL-2025-20.json
@@ -2,9 +2,9 @@
 "modified": "2025-01-06T09:42:07Z",
 "published": "2025-01-06T09:42:07Z",
 "schema_version": "1.5.0",
- "id": "",
+ "id": "MAL-2025-20",
 "summary": "Malicious code in hd-base (npm)",
- "details": "The OpenSSF Package Analysis project identified 'hd-base' @ 99.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+ "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (f6980bf596e4c3ffe8165b1ba8ef8d26bbadf784e90336c7620dc22131f23e58)\nThe OpenSSF Package Analysis project identified 'hd-base' @ 99.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
 "affected": [
 {
 "package": {
@@ -29,10 +29,10 @@
 "database_specific": {
 "malicious-packages-origins": [
 {
- "source": "ossf-package-analysis",
- "sha256": "f6980bf596e4c3ffe8165b1ba8ef8d26bbadf784e90336c7620dc22131f23e58",
 "import_time": "2025-01-06T10:06:17.642423864Z",
 "modified_time": "2025-01-06T09:42:07Z",
+ "sha256": "f6980bf596e4c3ffe8165b1ba8ef8d26bbadf784e90336c7620dc22131f23e58",
+ "source": "ossf-package-analysis",
 "versions": [
 "99.0.2"
 ]
From 71762cbc4da264cfab96d344fffe9d354d07af7a Mon Sep 17 00:00:00 2001
From: github-actions
Date: Mon, 6 Jan 2025 13:36:49 +0000
Subject: [PATCH 05/32] Ingest OSV - Cloud Storage
---
 config/start-keys.yaml | 2 +-
 ...ssf-package-analysis-e9549d02a8179fe5.json | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 osv/malicious/npm/tree-sitter-strings/MAL-0000-ossf-package-analysis-e9549d02a8179fe5.json
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
index d8c44a7809..d23e5c19a9 100644
--- a/config/start-keys.yaml
+++ b/config/start-keys.yaml
@@ -1,5 +1,5 @@
 ossf-package-analysis:
- confident/: confident/20241226/074043-npm-nativescript-gainsight-px-1.11.1.json
+ confident/: confident/20241226/085829-npm-contentsdk-node-1.0.0.json
 reversing-labs:
 RLMA-: RLMA-2024-11212.json
 RLUA-: RLUA-2024-11114.json
diff --git a/osv/malicious/npm/tree-sitter-strings/MAL-0000-ossf-package-analysis-e9549d02a8179fe5.json b/osv/malicious/npm/tree-sitter-strings/MAL-0000-ossf-package-analysis-e9549d02a8179fe5.json
new file mode 100644
index 0000000000..4068092547
--- /dev/null
+++ b/osv/malicious/npm/tree-sitter-strings/MAL-0000-ossf-package-analysis-e9549d02a8179fe5.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2025-01-06T13:36:13Z",
+ "published": "2025-01-06T13:36:13Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in tree-sitter-strings (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'tree-sitter-strings' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "tree-sitter-strings"
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "e9549d02a8179fe5a070281158b47ab35e7872770f13ca3de6929171c342ff5e",
+ "import_time": "2025-01-06T13:36:44.477552861Z",
+ "modified_time": "2025-01-06T13:36:13Z",
+ "versions": [
+ "1.0.0"
+ ]
+ }
+ ]
+ }
+}
From 6063a67b3818b16e06da0ab2f811b5c2020d547e Mon Sep 17 00:00:00 2001
From: github-actions
Date: Mon, 6 Jan 2025 13:37:51 +0000
Subject: [PATCH 06/32] Assign IDs
---
 osv/malicious/.id-allocator | 2 +-
 ...ge-analysis-e9549d02a8179fe5.json => MAL-2025-21.json} | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename osv/malicious/npm/tree-sitter-strings/{MAL-0000-ossf-package-analysis-e9549d02a8179fe5.json => MAL-2025-21.json} (69%)
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator
index f01fade58e..c25e35f848 100644
--- a/osv/malicious/.id-allocator
+++ b/osv/malicious/.id-allocator
@@ -1 +1 @@
-7ae3684e58511847ae20d3e0f99adce337f6edb32ee257290a734c3b04545cbb
\ No newline at end of file
+d292498d06ba2719d209a841509fcb4ece1a83d77532db39e987eafaf872f563
\ No newline at end of file
diff --git a/osv/malicious/npm/tree-sitter-strings/MAL-0000-ossf-package-analysis-e9549d02a8179fe5.json b/osv/malicious/npm/tree-sitter-strings/MAL-2025-21.json
similarity index 69%
rename from osv/malicious/npm/tree-sitter-strings/MAL-0000-ossf-package-analysis-e9549d02a8179fe5.json
rename to osv/malicious/npm/tree-sitter-strings/MAL-2025-21.json
index 4068092547..f6de874d9c 100644
--- a/osv/malicious/npm/tree-sitter-strings/MAL-0000-ossf-package-analysis-e9549d02a8179fe5.json
+++ b/osv/malicious/npm/tree-sitter-strings/MAL-2025-21.json
@@ -2,9 +2,9 @@
 "modified": "2025-01-06T13:36:13Z",
 "published": "2025-01-06T13:36:13Z",
 "schema_version": "1.5.0",
- "id": "",
+ "id": "MAL-2025-21",
 "summary": "Malicious code in tree-sitter-strings (npm)",
- "details": "The OpenSSF Package Analysis project identified 'tree-sitter-strings' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+ "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (e9549d02a8179fe5a070281158b47ab35e7872770f13ca3de6929171c342ff5e)\nThe OpenSSF Package Analysis project identified 'tree-sitter-strings' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
 "affected": [
 {
 "package": {
@@ -29,10 +29,10 @@
 "database_specific": {
 "malicious-packages-origins": [
 {
- "source": "ossf-package-analysis",
- "sha256": "e9549d02a8179fe5a070281158b47ab35e7872770f13ca3de6929171c342ff5e",
 "import_time": "2025-01-06T13:36:44.477552861Z",
 "modified_time": "2025-01-06T13:36:13Z",
+ "sha256": "e9549d02a8179fe5a070281158b47ab35e7872770f13ca3de6929171c342ff5e",
+ "source": "ossf-package-analysis",
 "versions": [
 "1.0.0"
 ]
From 178ee27c8cad07ae65252dc7fb276fe3d88f10c2 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Mon, 6 Jan 2025 15:05:40 +0000
Subject: [PATCH 07/32] Ingest OSV - Cloud Storage
---
 config/start-keys.yaml | 2 +-
 ...ssf-package-analysis-4d12d4e4388bdfd3.json | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 osv/malicious/npm/@vf-org/smapi-js-core/MAL-0000-ossf-package-analysis-4d12d4e4388bdfd3.json
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
index d23e5c19a9..36552429e8 100644
--- a/config/start-keys.yaml
+++ b/config/start-keys.yaml
@@ -1,5 +1,5 @@
 ossf-package-analysis:
- confident/: confident/20241226/085829-npm-contentsdk-node-1.0.0.json
+ confident/: confident/20241226/130300-npm-zoomapps-texteditor-vuejs-1.0.4.json
 reversing-labs:
 RLMA-: RLMA-2024-11212.json
 RLUA-: RLUA-2024-11114.json
diff --git a/osv/malicious/npm/@vf-org/smapi-js-core/MAL-0000-ossf-package-analysis-4d12d4e4388bdfd3.json b/osv/malicious/npm/@vf-org/smapi-js-core/MAL-0000-ossf-package-analysis-4d12d4e4388bdfd3.json
new file mode 100644
index 0000000000..2f2870f6ff
--- /dev/null
+++ b/osv/malicious/npm/@vf-org/smapi-js-core/MAL-0000-ossf-package-analysis-4d12d4e4388bdfd3.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2025-01-06T14:50:50Z",
+ "published": "2025-01-06T14:50:50Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in @vf-org/smapi-js-core (npm)",
+ "details": "The OpenSSF Package Analysis project identified '@vf-org/smapi-js-core' @ 8.2.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "@vf-org/smapi-js-core"
+ },
+ "versions": [
+ "8.2.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "4d12d4e4388bdfd37673aa9e4527d481312b56703325b9cc938f22cac268f25e",
+ "import_time": "2025-01-06T15:05:37.941040121Z",
+ "modified_time": "2025-01-06T14:50:50Z",
+ "versions": [
+ "8.2.0"
+ ]
+ }
+ ]
+ }
+}
From 4b461752addbdc9fea748d731a982ddc86674597 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Mon, 6 Jan 2025 15:06:21 +0000
Subject: [PATCH 08/32] Assign IDs
---
 osv/malicious/.id-allocator | 2 +-
 ...ge-analysis-4d12d4e4388bdfd3.json => MAL-2025-22.json} | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename osv/malicious/npm/@vf-org/smapi-js-core/{MAL-0000-ossf-package-analysis-4d12d4e4388bdfd3.json => MAL-2025-22.json} (65%)
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator
index c25e35f848..951eb03126 100644
--- a/osv/malicious/.id-allocator
+++ b/osv/malicious/.id-allocator
@@ -1 +1 @@
-d292498d06ba2719d209a841509fcb4ece1a83d77532db39e987eafaf872f563
\ No newline at end of file
+02ef2813f5527b398bc6026108a39ade70dfe5538c1d0b1cb91d9a5f2e585867
\ No newline at end of file
diff --git a/osv/malicious/npm/@vf-org/smapi-js-core/MAL-0000-ossf-package-analysis-4d12d4e4388bdfd3.json b/osv/malicious/npm/@vf-org/smapi-js-core/MAL-2025-22.json
similarity index 65%
rename from osv/malicious/npm/@vf-org/smapi-js-core/MAL-0000-ossf-package-analysis-4d12d4e4388bdfd3.json
rename to osv/malicious/npm/@vf-org/smapi-js-core/MAL-2025-22.json
index 2f2870f6ff..a6382f2050 100644
--- a/osv/malicious/npm/@vf-org/smapi-js-core/MAL-0000-ossf-package-analysis-4d12d4e4388bdfd3.json
+++ b/osv/malicious/npm/@vf-org/smapi-js-core/MAL-2025-22.json
@@ -2,9 +2,9 @@
 "modified": "2025-01-06T14:50:50Z",
 "published": "2025-01-06T14:50:50Z",
 "schema_version": "1.5.0",
- "id": "",
+ "id": "MAL-2025-22",
 "summary": "Malicious code in @vf-org/smapi-js-core (npm)",
- "details": "The OpenSSF Package Analysis project identified '@vf-org/smapi-js-core' @ 8.2.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (4d12d4e4388bdfd37673aa9e4527d481312b56703325b9cc938f22cac268f25e)\nThe OpenSSF Package Analysis project identified '@vf-org/smapi-js-core' @ 8.2.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
 "affected": [
 {
 "package": {
@@ -29,10 +29,10 @@
 "database_specific": {
 "malicious-packages-origins": [
 {
- "source": "ossf-package-analysis",
- "sha256": "4d12d4e4388bdfd37673aa9e4527d481312b56703325b9cc938f22cac268f25e",
 "import_time": "2025-01-06T15:05:37.941040121Z",
 "modified_time": "2025-01-06T14:50:50Z",
+ "sha256": "4d12d4e4388bdfd37673aa9e4527d481312b56703325b9cc938f22cac268f25e",
+ "source": "ossf-package-analysis",
 "versions": [
 "8.2.0"
 ]
From 33d53e9672363c307a770a8161a2cc160e35e178 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Mon, 6 Jan 2025 15:34:42 +0000
Subject: [PATCH 09/32] Ingest OSV - Cloud Storage
---
 config/start-keys.yaml | 2 +-
 ...ssf-package-analysis-af09ada62786b848.json | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 osv/malicious/npm/zetessf/MAL-0000-ossf-package-analysis-af09ada62786b848.json
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
index 36552429e8..e86271d4a4 100644
--- a/config/start-keys.yaml
+++ b/config/start-keys.yaml
@@ -1,5 +1,5 @@
 ossf-package-analysis:
- confident/: confident/20241226/130300-npm-zoomapps-texteditor-vuejs-1.0.4.json
+ confident/: confident/20241226/152600-npm-aem-react-spa-1.1.1.json
 reversing-labs:
 RLMA-: RLMA-2024-11212.json
 RLUA-: RLUA-2024-11114.json
diff --git a/osv/malicious/npm/zetessf/MAL-0000-ossf-package-analysis-af09ada62786b848.json b/osv/malicious/npm/zetessf/MAL-0000-ossf-package-analysis-af09ada62786b848.json
new file mode 100644
index 0000000000..34be2cbc1a
--- /dev/null
+++ b/osv/malicious/npm/zetessf/MAL-0000-ossf-package-analysis-af09ada62786b848.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2025-01-06T15:28:58Z",
+ "published": "2025-01-06T15:28:58Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in zetessf (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'zetessf' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "zetessf"
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "af09ada62786b848f0c10032da514aabb5df551b339477e358be2da5af15bc86",
+ "import_time": "2025-01-06T15:34:37.058743954Z",
+ "modified_time": "2025-01-06T15:28:58Z",
+ "versions": [
+ "1.0.0"
+ ]
+ }
+ ]
+ }
+}
From b0315bea1dc7808bdddea6893922162733e3bec6 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Mon, 6 Jan 2025 15:35:25 +0000
Subject: [PATCH 10/32] Assign IDs
---
 osv/malicious/.id-allocator | 2 +-
 ...ge-analysis-af09ada62786b848.json => MAL-2025-23.json} | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename osv/malicious/npm/zetessf/{MAL-0000-ossf-package-analysis-af09ada62786b848.json => MAL-2025-23.json} (65%)
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator
index 951eb03126..0c11dbcd98 100644
--- a/osv/malicious/.id-allocator
+++ b/osv/malicious/.id-allocator
@@ -1 +1 @@
-02ef2813f5527b398bc6026108a39ade70dfe5538c1d0b1cb91d9a5f2e585867
\ No newline at end of file
+26318e66b68278398b708dfa1e0d6bb365bccd695db2998279e47aea9e72403f
\ No newline at end of file
diff --git a/osv/malicious/npm/zetessf/MAL-0000-ossf-package-analysis-af09ada62786b848.json b/osv/malicious/npm/zetessf/MAL-2025-23.json
similarity index 65%
rename from osv/malicious/npm/zetessf/MAL-0000-ossf-package-analysis-af09ada62786b848.json
rename to osv/malicious/npm/zetessf/MAL-2025-23.json
index 34be2cbc1a..e65d04e657 100644
--- a/osv/malicious/npm/zetessf/MAL-0000-ossf-package-analysis-af09ada62786b848.json
+++ b/osv/malicious/npm/zetessf/MAL-2025-23.json
@@ -2,9 +2,9 @@
 "modified": "2025-01-06T15:28:58Z",
 "published": "2025-01-06T15:28:58Z",
 "schema_version": "1.5.0",
- "id": "",
+ "id": "MAL-2025-23",
 "summary": "Malicious code in zetessf (npm)",
- "details": "The OpenSSF Package Analysis project identified 'zetessf' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (af09ada62786b848f0c10032da514aabb5df551b339477e358be2da5af15bc86)\nThe OpenSSF Package Analysis project identified 'zetessf' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
 "affected": [
 {
 "package": {
@@ -29,10 +29,10 @@
 "database_specific": {
 "malicious-packages-origins": [
 {
- "source": "ossf-package-analysis",
- "sha256": "af09ada62786b848f0c10032da514aabb5df551b339477e358be2da5af15bc86",
 "import_time": "2025-01-06T15:34:37.058743954Z",
 "modified_time": "2025-01-06T15:28:58Z",
+ "sha256": "af09ada62786b848f0c10032da514aabb5df551b339477e358be2da5af15bc86",
+ "source": "ossf-package-analysis",
 "versions": [
 "1.0.0"
 ]
From 1e6b3095523b98ce94db2f03fc99f4161106d479 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Tue, 7 Jan 2025 10:06:17 +0000
Subject: [PATCH 11/32] Ingest OSV - Cloud Storage
---
 config/start-keys.yaml | 2 +-
 ...ssf-package-analysis-b87ca459f5fbe7d9.json | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-b87ca459f5fbe7d9.json
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
index e86271d4a4..a191a55b2b 100644
--- a/config/start-keys.yaml
+++ b/config/start-keys.yaml
@@ -1,5 +1,5 @@
 ossf-package-analysis:
- confident/: confident/20241226/152600-npm-aem-react-spa-1.1.1.json
+ confident/: confident/20241227/090600-npm-dev-journey-app-1.2.0.json
 reversing-labs:
 RLMA-: RLMA-2024-11212.json
 RLUA-: RLUA-2024-11114.json
diff --git a/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-b87ca459f5fbe7d9.json b/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-b87ca459f5fbe7d9.json
new file mode 100644
index 0000000000..6e07dbd4a4
--- /dev/null
+++ b/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-b87ca459f5fbe7d9.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2025-01-07T09:40:14Z",
+ "published": "2025-01-07T09:40:14Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in electron-builder-13 (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'electron-builder-13' @ 13.4.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "electron-builder-13"
+ },
+ "versions": [
+ "13.4.5"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "b87ca459f5fbe7d970a7053fdea799abf8736f04fa8ee97b743587d996bae11c",
+ "import_time": "2025-01-07T10:06:12.377786698Z",
+ "modified_time": "2025-01-07T09:40:14Z",
+ "versions": [
+ "13.4.5"
+ ]
+ }
+ ]
+ }
+}
From e6e46f273d4555ccb64dff134d8a63d230e1edcb Mon Sep 17 00:00:00 2001
From: github-actions
Date: Tue, 7 Jan 2025 10:06:56 +0000
Subject: [PATCH 12/32] Assign IDs
---
 osv/malicious/.id-allocator | 2 +-
 ...ge-analysis-b87ca459f5fbe7d9.json => MAL-2025-24.json} | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename osv/malicious/npm/electron-builder-13/{MAL-0000-ossf-package-analysis-b87ca459f5fbe7d9.json => MAL-2025-24.json} (69%)
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator
index 0c11dbcd98..479dbd670c 100644
--- a/osv/malicious/.id-allocator
+++ b/osv/malicious/.id-allocator
@@ -1 +1 @@
-26318e66b68278398b708dfa1e0d6bb365bccd695db2998279e47aea9e72403f
\ No newline at end of file
+52597698e80d71026f82675e6c2e305f19053732e6b4abf51f4f14222c222473
\ No newline at end of file
diff --git a/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-b87ca459f5fbe7d9.json b/osv/malicious/npm/electron-builder-13/MAL-2025-24.json
similarity index 69%
rename from osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-b87ca459f5fbe7d9.json
rename to osv/malicious/npm/electron-builder-13/MAL-2025-24.json
index 6e07dbd4a4..5f882d8897 100644
--- a/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-b87ca459f5fbe7d9.json
+++ b/osv/malicious/npm/electron-builder-13/MAL-2025-24.json
@@ -2,9 +2,9 @@
 "modified": "2025-01-07T09:40:14Z",
 "published": "2025-01-07T09:40:14Z",
 "schema_version": "1.5.0",
- "id": "",
+ "id": "MAL-2025-24",
 "summary": "Malicious code in electron-builder-13 (npm)",
- "details": "The OpenSSF Package Analysis project identified 'electron-builder-13' @ 13.4.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+ "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (b87ca459f5fbe7d970a7053fdea799abf8736f04fa8ee97b743587d996bae11c)\nThe OpenSSF Package Analysis project identified 'electron-builder-13' @ 13.4.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
 "affected": [
 {
 "package": {
@@ -29,10 +29,10 @@
 "database_specific": {
 "malicious-packages-origins": [
 {
- "source": "ossf-package-analysis",
- "sha256": "b87ca459f5fbe7d970a7053fdea799abf8736f04fa8ee97b743587d996bae11c",
 "import_time": "2025-01-07T10:06:12.377786698Z",
 "modified_time": "2025-01-07T09:40:14Z",
+ "sha256": "b87ca459f5fbe7d970a7053fdea799abf8736f04fa8ee97b743587d996bae11c",
+ "source": "ossf-package-analysis",
 "versions": [
 "13.4.5"
 ]
From 063b6d12ccce1b969e52599e0ff703192d2a0ac5 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Tue, 7 Jan 2025 10:38:08 +0000
Subject: [PATCH 13/32] Ingest OSV - Cloud Storage
---
 config/start-keys.yaml | 2 +-
 ...ssf-package-analysis-645431e0b1ecc29f.json | 42 +++++++++++++++++++
 ...ssf-package-analysis-9f18233f79ecd2fd.json | 42 +++++++++++++++++++
 3 files changed, 85 insertions(+), 1 deletion(-)
 create mode 100644 osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-645431e0b1ecc29f.json
 create mode 100644 osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-9f18233f79ecd2fd.json
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
index a191a55b2b..752c5a0f2f 100644
--- a/config/start-keys.yaml
+++ b/config/start-keys.yaml
@@ -1,5 +1,5 @@
 ossf-package-analysis:
- confident/: confident/20241227/090600-npm-dev-journey-app-1.2.0.json
+ confident/: confident/20241227/153053-npm-plugin-sitemap-coveo-1.0.0.json
 reversing-labs:
 RLMA-: RLMA-2024-11212.json
 RLUA-: RLUA-2024-11114.json
diff --git a/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-645431e0b1ecc29f.json b/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-645431e0b1ecc29f.json
new file mode 100644
index 0000000000..7583edde7e
--- /dev/null
+++ b/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-645431e0b1ecc29f.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2025-01-07T10:24:45Z",
+ "published": "2025-01-07T10:24:45Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in electron-builder-13 (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'electron-builder-13' @ 13.6.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "electron-builder-13"
+ },
+ "versions": [
+ "13.6.5"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "645431e0b1ecc29f59ec3f6e140926f2fe46d6e01218e48371d5773eac867d3b",
+ "import_time": "2025-01-07T10:38:05.451478588Z",
+ "modified_time": "2025-01-07T10:24:45Z",
+ "versions": [
+ "13.6.5"
+ ]
+ }
+ ]
+ }
+}
diff --git a/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-9f18233f79ecd2fd.json b/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-9f18233f79ecd2fd.json
new file mode 100644
index 0000000000..ada342e827
--- /dev/null
+++ b/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-9f18233f79ecd2fd.json
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T10:27:53Z", + "published": "2025-01-07T10:27:53Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in electron-builder-13 (npm)", + "details": "The OpenSSF Package Analysis project identified 'electron-builder-13' @ 13.7.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "electron-builder-13" + }, + "versions": [ + "13.7.5" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "9f18233f79ecd2fd906456f4f55ddc2250380aa687cd98259d78a84cd89f40f8", + "import_time": "2025-01-07T10:38:05.505845058Z", + "modified_time": "2025-01-07T10:27:53Z", + "versions": [ + "13.7.5" + ] + } + ] + } +} From e089429839d93d14b6be00c53aa061bfabee0c09 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 10:38:52 +0000 Subject: [PATCH 14/32] Assign IDs --- ...ssf-package-analysis-645431e0b1ecc29f.json | 42 ------------------- ...ssf-package-analysis-9f18233f79ecd2fd.json | 42 ------------------- .../npm/electron-builder-13/MAL-2025-24.json | 28 +++++++++++-- 3 files changed, 24 insertions(+), 88 deletions(-) delete mode 100644 osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-645431e0b1ecc29f.json delete mode 100644 osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-9f18233f79ecd2fd.json diff --git a/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-645431e0b1ecc29f.json b/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-645431e0b1ecc29f.json deleted file mode 100644 index 7583edde7e..0000000000 
--- a/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-645431e0b1ecc29f.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "modified": "2025-01-07T10:24:45Z", - "published": "2025-01-07T10:24:45Z", - "schema_version": "1.5.0", - "id": "", - "summary": "Malicious code in electron-builder-13 (npm)", - "details": "The OpenSSF Package Analysis project identified 'electron-builder-13' @ 13.6.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "electron-builder-13" - }, - "versions": [ - "13.6.5" - ] - } - ], - "credits": [ - { - "name": "OpenSSF: Package Analysis", - "type": "FINDER", - "contact": [ - "https://github.com/ossf/package-analysis", - "https://openssf.slack.com/channels/package_analysis" - ] - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ossf-package-analysis", - "sha256": "645431e0b1ecc29f59ec3f6e140926f2fe46d6e01218e48371d5773eac867d3b", - "import_time": "2025-01-07T10:38:05.451478588Z", - "modified_time": "2025-01-07T10:24:45Z", - "versions": [ - "13.6.5" - ] - } - ] - } -} diff --git a/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-9f18233f79ecd2fd.json b/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-9f18233f79ecd2fd.json deleted file mode 100644 index ada342e827..0000000000 --- a/osv/malicious/npm/electron-builder-13/MAL-0000-ossf-package-analysis-9f18233f79ecd2fd.json +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - "modified": "2025-01-07T10:27:53Z", - "published": "2025-01-07T10:27:53Z", - "schema_version": "1.5.0", - "id": "", - "summary": "Malicious code in electron-builder-13 (npm)", - "details": "The OpenSSF Package Analysis project identified 'electron-builder-13' @ 13.7.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "electron-builder-13" - }, - "versions": [ - "13.7.5" - ] - } - ], - "credits": [ - { - "name": "OpenSSF: Package Analysis", - "type": "FINDER", - "contact": [ - "https://github.com/ossf/package-analysis", - "https://openssf.slack.com/channels/package_analysis" - ] - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ossf-package-analysis", - "sha256": "9f18233f79ecd2fd906456f4f55ddc2250380aa687cd98259d78a84cd89f40f8", - "import_time": "2025-01-07T10:38:05.505845058Z", - "modified_time": "2025-01-07T10:27:53Z", - "versions": [ - "13.7.5" - ] - } - ] - } -} diff --git a/osv/malicious/npm/electron-builder-13/MAL-2025-24.json b/osv/malicious/npm/electron-builder-13/MAL-2025-24.json index 5f882d8897..1e25e4f21a 100644 --- a/osv/malicious/npm/electron-builder-13/MAL-2025-24.json +++ b/osv/malicious/npm/electron-builder-13/MAL-2025-24.json @@ -1,5 +1,5 @@ { - "modified": "2025-01-07T09:40:14Z", + "modified": "2025-01-07T10:38:35Z", "published": "2025-01-07T09:40:14Z", "schema_version": "1.5.0", "id": "MAL-2025-24", @@ -12,7 +12,9 @@ "name": "electron-builder-13" }, "versions": [ - "13.4.5" + "13.4.5", + "13.6.5", + "13.7.5" ] } ], 
@@ -29,13 +31,31 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "b87ca459f5fbe7d970a7053fdea799abf8736f04fa8ee97b743587d996bae11c", "import_time": "2025-01-07T10:06:12.377786698Z", "modified_time": "2025-01-07T09:40:14Z", - "sha256": "b87ca459f5fbe7d970a7053fdea799abf8736f04fa8ee97b743587d996bae11c", - "source": "ossf-package-analysis", "versions": [ "13.4.5" ] + }, + { + "source": "ossf-package-analysis", + "sha256": "645431e0b1ecc29f59ec3f6e140926f2fe46d6e01218e48371d5773eac867d3b", + "import_time": "2025-01-07T10:38:05.451478588Z", + "modified_time": "2025-01-07T10:24:45Z", + "versions": [ + "13.6.5" + ] + }, + { + "source": "ossf-package-analysis", + "sha256": "9f18233f79ecd2fd906456f4f55ddc2250380aa687cd98259d78a84cd89f40f8", + "import_time": "2025-01-07T10:38:05.505845058Z", + "modified_time": "2025-01-07T10:27:53Z", + "versions": [ + "13.7.5" + ] } ] } From f17bde64af2963cbe5cb909848921d0f5a3f544b Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 12:08:38 +0000 Subject: [PATCH 15/32] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-32b1e08557df6041.json | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/ecpfs-react-jest-helpers/MAL-0000-ossf-package-analysis-32b1e08557df6041.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index 752c5a0f2f..317522a153 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20241227/153053-npm-plugin-sitemap-coveo-1.0.0.json + confident/: confident/20241227/171559-npm-proton-parking-page-1.1.0.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json 
diff --git a/osv/malicious/npm/ecpfs-react-jest-helpers/MAL-0000-ossf-package-analysis-32b1e08557df6041.json b/osv/malicious/npm/ecpfs-react-jest-helpers/MAL-0000-ossf-package-analysis-32b1e08557df6041.json new file mode 100644 index 0000000000..a07a508f6c --- /dev/null +++ b/osv/malicious/npm/ecpfs-react-jest-helpers/MAL-0000-ossf-package-analysis-32b1e08557df6041.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T12:05:55Z", + "published": "2025-01-07T12:05:55Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in ecpfs-react-jest-helpers (npm)", + "details": "The OpenSSF Package Analysis project identified 'ecpfs-react-jest-helpers' @ 2.0.1-v1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "ecpfs-react-jest-helpers" + }, + "versions": [ + "2.0.1-v1" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "32b1e08557df6041c33ac4eaf0ebb0a3cdbc1bebeeb27b97321516cd0772898a", + "import_time": "2025-01-07T12:08:35.785016631Z", + "modified_time": "2025-01-07T12:05:55Z", + "versions": [ + "2.0.1-v1" + ] + } + ] + } +} From 4f1d77668204c58361d7b1d2830ad30aeffef546 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 12:09:15 +0000 Subject: [PATCH 16/32] Assign IDs --- osv/malicious/.id-allocator | 2 +- ...ge-analysis-32b1e08557df6041.json => MAL-2025-25.json} | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) rename osv/malicious/npm/ecpfs-react-jest-helpers/{MAL-0000-ossf-package-analysis-32b1e08557df6041.json => MAL-2025-25.json} (69%) 
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator index 479dbd670c..f84e00baf0 100644 --- a/osv/malicious/.id-allocator +++ b/osv/malicious/.id-allocator @@ -1 +1 @@ -52597698e80d71026f82675e6c2e305f19053732e6b4abf51f4f14222c222473 \ No newline at end of file +1f493822118ed8b47acd77e2bea94de7e364bcffaeef415b19fd6b48b7aa693b \ No newline at end of file diff --git a/osv/malicious/npm/ecpfs-react-jest-helpers/MAL-0000-ossf-package-analysis-32b1e08557df6041.json b/osv/malicious/npm/ecpfs-react-jest-helpers/MAL-2025-25.json similarity index 69% rename from osv/malicious/npm/ecpfs-react-jest-helpers/MAL-0000-ossf-package-analysis-32b1e08557df6041.json rename to osv/malicious/npm/ecpfs-react-jest-helpers/MAL-2025-25.json index a07a508f6c..4f9435ddee 100644 --- a/osv/malicious/npm/ecpfs-react-jest-helpers/MAL-0000-ossf-package-analysis-32b1e08557df6041.json +++ b/osv/malicious/npm/ecpfs-react-jest-helpers/MAL-2025-25.json @@ -2,9 +2,9 @@ "modified": "2025-01-07T12:05:55Z", "published": "2025-01-07T12:05:55Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2025-25", "summary": "Malicious code in ecpfs-react-jest-helpers (npm)", - "details": "The OpenSSF Package Analysis project identified 'ecpfs-react-jest-helpers' @ 2.0.1-v1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (32b1e08557df6041c33ac4eaf0ebb0a3cdbc1bebeeb27b97321516cd0772898a)\nThe OpenSSF Package Analysis project identified 'ecpfs-react-jest-helpers' @ 2.0.1-v1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { 
@@ -29,10 +29,10 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ossf-package-analysis", - "sha256": "32b1e08557df6041c33ac4eaf0ebb0a3cdbc1bebeeb27b97321516cd0772898a", "import_time": "2025-01-07T12:08:35.785016631Z", "modified_time": "2025-01-07T12:05:55Z", + "sha256": "32b1e08557df6041c33ac4eaf0ebb0a3cdbc1bebeeb27b97321516cd0772898a", + "source": "ossf-package-analysis", "versions": [ "2.0.1-v1" ] From d039b22dcf82670396beffecaf898ef05aed8368 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 12:46:25 +0000 Subject: [PATCH 17/32] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-b43e835ee1484fff.json | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/@patternfly-v5/patternfly/MAL-0000-ossf-package-analysis-b43e835ee1484fff.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index 317522a153..695ec88aaa 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20241227/171559-npm-proton-parking-page-1.1.0.json + confident/: confident/20250106/091058-npm-nativescript-gainsight-px2-1.11.3.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json diff --git a/osv/malicious/npm/@patternfly-v5/patternfly/MAL-0000-ossf-package-analysis-b43e835ee1484fff.json b/osv/malicious/npm/@patternfly-v5/patternfly/MAL-0000-ossf-package-analysis-b43e835ee1484fff.json new file mode 100644 index 0000000000..f5172cbbc6 --- /dev/null +++ b/osv/malicious/npm/@patternfly-v5/patternfly/MAL-0000-ossf-package-analysis-b43e835ee1484fff.json 
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T12:33:06Z", + "published": "2025-01-07T12:33:06Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in @patternfly-v5/patternfly (npm)", + "details": "The OpenSSF Package Analysis project identified '@patternfly-v5/patternfly' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "@patternfly-v5/patternfly" + }, + "versions": [ + "1.0.2" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "b43e835ee1484fff5f40f97988af91cf9adfabcef41f9bd4970a9eee273ee7ba", + "import_time": "2025-01-07T12:46:21.97193352Z", + "modified_time": "2025-01-07T12:33:06Z", + "versions": [ + "1.0.2" + ] + } + ] + } +} From 53409dc5ed3b47ea9419116565bab44759a684be Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 12:47:10 +0000 Subject: [PATCH 18/32] Assign IDs --- osv/malicious/.id-allocator | 2 +- ...ge-analysis-b43e835ee1484fff.json => MAL-2025-26.json} | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) rename osv/malicious/npm/@patternfly-v5/patternfly/{MAL-0000-ossf-package-analysis-b43e835ee1484fff.json => MAL-2025-26.json} (69%) diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator index f84e00baf0..f682fcd3b8 100644 --- a/osv/malicious/.id-allocator +++ b/osv/malicious/.id-allocator @@ -1 +1 @@ -1f493822118ed8b47acd77e2bea94de7e364bcffaeef415b19fd6b48b7aa693b \ No newline at end of file +fcf3b6d89bdbb2dd5c6ad97834df0f926a8a565f631cb63fa6498c31ea4280c3 \ No newline at end of file 
diff --git a/osv/malicious/npm/@patternfly-v5/patternfly/MAL-0000-ossf-package-analysis-b43e835ee1484fff.json b/osv/malicious/npm/@patternfly-v5/patternfly/MAL-2025-26.json similarity index 69% rename from osv/malicious/npm/@patternfly-v5/patternfly/MAL-0000-ossf-package-analysis-b43e835ee1484fff.json rename to osv/malicious/npm/@patternfly-v5/patternfly/MAL-2025-26.json index f5172cbbc6..02faed5f63 100644 --- a/osv/malicious/npm/@patternfly-v5/patternfly/MAL-0000-ossf-package-analysis-b43e835ee1484fff.json +++ b/osv/malicious/npm/@patternfly-v5/patternfly/MAL-2025-26.json @@ -2,9 +2,9 @@ "modified": "2025-01-07T12:33:06Z", "published": "2025-01-07T12:33:06Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2025-26", "summary": "Malicious code in @patternfly-v5/patternfly (npm)", - "details": "The OpenSSF Package Analysis project identified '@patternfly-v5/patternfly' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (b43e835ee1484fff5f40f97988af91cf9adfabcef41f9bd4970a9eee273ee7ba)\nThe OpenSSF Package Analysis project identified '@patternfly-v5/patternfly' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { @@ -29,10 +29,10 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ossf-package-analysis", - "sha256": "b43e835ee1484fff5f40f97988af91cf9adfabcef41f9bd4970a9eee273ee7ba", "import_time": "2025-01-07T12:46:21.97193352Z", "modified_time": "2025-01-07T12:33:06Z", + "sha256": "b43e835ee1484fff5f40f97988af91cf9adfabcef41f9bd4970a9eee273ee7ba", + "source": "ossf-package-analysis", "versions": [ "1.0.2" ] From b8cc4581c285ec3f90c4ec4185b5b444b06aa8af Mon Sep 17 00:00:00 2001 
From: github-actions Date: Tue, 7 Jan 2025 15:53:28 +0000 Subject: [PATCH 19/32] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-614a7726e7b28996.json | 42 +++++++++++++++++++ ...ssf-package-analysis-62221769774a8b13.json | 42 +++++++++++++++++++ ...ssf-package-analysis-80696b814c9a20ed.json | 42 +++++++++++++++++++ ...ssf-package-analysis-1c0d7191f53edcbd.json | 42 +++++++++++++++++++ ...ssf-package-analysis-3794063e1fdfda5e.json | 42 +++++++++++++++++++ 6 files changed, 211 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/cursor-always-local/MAL-0000-ossf-package-analysis-614a7726e7b28996.json create mode 100644 osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-62221769774a8b13.json create mode 100644 osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-80696b814c9a20ed.json create mode 100644 osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-1c0d7191f53edcbd.json create mode 100644 osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-3794063e1fdfda5e.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index 695ec88aaa..0ca6487e95 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20250106/091058-npm-nativescript-gainsight-px2-1.11.3.json + confident/: confident/20250107/094014-npm-electron-builder-13-13.4.5.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json diff --git a/osv/malicious/npm/cursor-always-local/MAL-0000-ossf-package-analysis-614a7726e7b28996.json b/osv/malicious/npm/cursor-always-local/MAL-0000-ossf-package-analysis-614a7726e7b28996.json new file mode 100644 index 0000000000..c597840107 --- /dev/null +++ b/osv/malicious/npm/cursor-always-local/MAL-0000-ossf-package-analysis-614a7726e7b28996.json 
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T15:35:45Z", + "published": "2025-01-07T15:35:45Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in cursor-always-local (npm)", + "details": "The OpenSSF Package Analysis project identified 'cursor-always-local' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "cursor-always-local" + }, + "versions": [ + "1.0.2" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "614a7726e7b2899695d56d3b75f1f9179a6fcde5654913693b20e521e476840f", + "import_time": "2025-01-07T15:53:25.268217055Z", + "modified_time": "2025-01-07T15:35:45Z", + "versions": [ + "1.0.2" + ] + } + ] + } +} diff --git a/osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-62221769774a8b13.json b/osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-62221769774a8b13.json new file mode 100644 index 0000000000..dae10a63f6 --- /dev/null +++ b/osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-62221769774a8b13.json 
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T15:17:56Z", + "published": "2025-01-07T15:17:56Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in cursor-retrieval (npm)", + "details": "The OpenSSF Package Analysis project identified 'cursor-retrieval' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "cursor-retrieval" + }, + "versions": [ + "1.0.1" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "62221769774a8b1379cf87256d847c23b08155088aa7dfd78c01d78ffba5e9ba", + "import_time": "2025-01-07T15:53:25.198549801Z", + "modified_time": "2025-01-07T15:17:56Z", + "versions": [ + "1.0.1" + ] + } + ] + } +} diff --git a/osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-80696b814c9a20ed.json b/osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-80696b814c9a20ed.json new file mode 100644 index 0000000000..bc85c7c2a1 --- /dev/null +++ b/osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-80696b814c9a20ed.json 
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T15:35:45Z", + "published": "2025-01-07T15:35:45Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in cursor-retrieval (npm)", + "details": "The OpenSSF Package Analysis project identified 'cursor-retrieval' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "cursor-retrieval" + }, + "versions": [ + "1.0.2" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "80696b814c9a20ed7aa8c27772abf60d9b33ea85a24eb5699b90c75f802f2fe2", + "import_time": "2025-01-07T15:53:25.353489496Z", + "modified_time": "2025-01-07T15:35:45Z", + "versions": [ + "1.0.2" + ] + } + ] + } +} diff --git a/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-1c0d7191f53edcbd.json b/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-1c0d7191f53edcbd.json new file mode 100644 index 0000000000..b4aea4ec75 --- /dev/null +++ b/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-1c0d7191f53edcbd.json 
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T15:36:08Z", + "published": "2025-01-07T15:36:08Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in cursor-shadow-workspace (npm)", + "details": "The OpenSSF Package Analysis project identified 'cursor-shadow-workspace' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "cursor-shadow-workspace" + }, + "versions": [ + "1.0.2" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "1c0d7191f53edcbd6d8459f64259fb12d6390bc73fffef3e045a073875f0f91f", + "import_time": "2025-01-07T15:53:25.399169375Z", + "modified_time": "2025-01-07T15:36:08Z", + "versions": [ + "1.0.2" + ] + } + ] + } +} diff --git a/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-3794063e1fdfda5e.json b/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-3794063e1fdfda5e.json new file mode 100644 index 0000000000..a5f686be33 --- /dev/null +++ b/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-3794063e1fdfda5e.json 
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T15:05:44Z", + "published": "2025-01-07T15:05:44Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in jpl-branding (npm)", + "details": "The OpenSSF Package Analysis project identified 'jpl-branding' @ 2.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "jpl-branding" + }, + "versions": [ + "2.0.2" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "3794063e1fdfda5e6f34e623a6ff58b9be119adb03e613206f3be17e3a5fd0e9", + "import_time": "2025-01-07T15:53:25.09381726Z", + "modified_time": "2025-01-07T15:05:44Z", + "versions": [ + "2.0.2" + ] + } + ] + } +} From ccb28fe6b8bc3bb95d404ae336612f7fa8a9e235 Mon Sep 17 00:00:00 2001 
From: github-actions Date: Tue, 7 Jan 2025 15:54:05 +0000 Subject: [PATCH 20/32] Assign IDs --- osv/malicious/.id-allocator | 2 +- ...614a7726e7b28996.json => MAL-2025-27.json} | 8 ++-- ...ssf-package-analysis-80696b814c9a20ed.json | 42 ------------------- ...62221769774a8b13.json => MAL-2025-28.json} | 22 +++++++--- ...1c0d7191f53edcbd.json => MAL-2025-29.json} | 8 ++-- ...3794063e1fdfda5e.json => MAL-2025-30.json} | 8 ++-- 6 files changed, 29 insertions(+), 61 deletions(-) rename osv/malicious/npm/cursor-always-local/{MAL-0000-ossf-package-analysis-614a7726e7b28996.json => MAL-2025-27.json} (69%) delete mode 100644 osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-80696b814c9a20ed.json rename osv/malicious/npm/cursor-retrieval/{MAL-0000-ossf-package-analysis-62221769774a8b13.json => MAL-2025-28.json} (52%) rename osv/malicious/npm/cursor-shadow-workspace/{MAL-0000-ossf-package-analysis-1c0d7191f53edcbd.json => MAL-2025-29.json} (69%) rename osv/malicious/npm/jpl-branding/{MAL-0000-ossf-package-analysis-3794063e1fdfda5e.json => MAL-2025-30.json} (65%) diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator index f682fcd3b8..a01310a185 100644 --- a/osv/malicious/.id-allocator +++ b/osv/malicious/.id-allocator @@ -1 +1 @@ -fcf3b6d89bdbb2dd5c6ad97834df0f926a8a565f631cb63fa6498c31ea4280c3 \ No newline at end of file +0affa6a1386f7acc3ab617fa43e6752f5377e02322483f75e88e8ec835745202 \ No newline at end of file diff --git a/osv/malicious/npm/cursor-always-local/MAL-0000-ossf-package-analysis-614a7726e7b28996.json b/osv/malicious/npm/cursor-always-local/MAL-2025-27.json similarity index 69% rename from osv/malicious/npm/cursor-always-local/MAL-0000-ossf-package-analysis-614a7726e7b28996.json rename to osv/malicious/npm/cursor-always-local/MAL-2025-27.json index c597840107..3122169d62 100644 --- a/osv/malicious/npm/cursor-always-local/MAL-0000-ossf-package-analysis-614a7726e7b28996.json 
+++ b/osv/malicious/npm/cursor-always-local/MAL-2025-27.json @@ -2,9 +2,9 @@ "modified": "2025-01-07T15:35:45Z", "published": "2025-01-07T15:35:45Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2025-27", "summary": "Malicious code in cursor-always-local (npm)", - "details": "The OpenSSF Package Analysis project identified 'cursor-always-local' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (614a7726e7b2899695d56d3b75f1f9179a6fcde5654913693b20e521e476840f)\nThe OpenSSF Package Analysis project identified 'cursor-always-local' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { @@ -29,10 +29,10 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ossf-package-analysis", - "sha256": "614a7726e7b2899695d56d3b75f1f9179a6fcde5654913693b20e521e476840f", "import_time": "2025-01-07T15:53:25.268217055Z", "modified_time": "2025-01-07T15:35:45Z", + "sha256": "614a7726e7b2899695d56d3b75f1f9179a6fcde5654913693b20e521e476840f", + "source": "ossf-package-analysis", "versions": [ "1.0.2" ] diff --git a/osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-80696b814c9a20ed.json b/osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-80696b814c9a20ed.json deleted file mode 100644 index bc85c7c2a1..0000000000 --- a/osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-80696b814c9a20ed.json +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - "modified": "2025-01-07T15:35:45Z", - "published": "2025-01-07T15:35:45Z", - "schema_version": "1.5.0", - "id": "", - "summary": "Malicious code in cursor-retrieval (npm)", - "details": "The OpenSSF Package Analysis project identified 'cursor-retrieval' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "cursor-retrieval" - }, - "versions": [ - "1.0.2" - ] - } - ], - "credits": [ - { - "name": "OpenSSF: Package Analysis", - "type": "FINDER", - "contact": [ - "https://github.com/ossf/package-analysis", - "https://openssf.slack.com/channels/package_analysis" - ] - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ossf-package-analysis", - "sha256": "80696b814c9a20ed7aa8c27772abf60d9b33ea85a24eb5699b90c75f802f2fe2", - "import_time": "2025-01-07T15:53:25.353489496Z", - "modified_time": "2025-01-07T15:35:45Z", - "versions": [ - "1.0.2" - ] - } - ] - } -} diff --git a/osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-62221769774a8b13.json b/osv/malicious/npm/cursor-retrieval/MAL-2025-28.json similarity index 52% rename from osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-62221769774a8b13.json rename to osv/malicious/npm/cursor-retrieval/MAL-2025-28.json index dae10a63f6..46e067c157 100644 --- a/osv/malicious/npm/cursor-retrieval/MAL-0000-ossf-package-analysis-62221769774a8b13.json +++ b/osv/malicious/npm/cursor-retrieval/MAL-2025-28.json 
@@ -1,10 +1,10 @@ { - "modified": "2025-01-07T15:17:56Z", + "modified": "2025-01-07T15:53:51Z", "published": "2025-01-07T15:17:56Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2025-28", "summary": "Malicious code in cursor-retrieval (npm)", - "details": "The OpenSSF Package Analysis project identified 'cursor-retrieval' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (62221769774a8b1379cf87256d847c23b08155088aa7dfd78c01d78ffba5e9ba)\nThe OpenSSF Package Analysis project identified 'cursor-retrieval' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { @@ -12,7 +12,8 @@ "name": "cursor-retrieval" }, "versions": [ - "1.0.1" + "1.0.1", + "1.0.2" ] } ], @@ -29,13 +30,22 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ossf-package-analysis", - "sha256": "62221769774a8b1379cf87256d847c23b08155088aa7dfd78c01d78ffba5e9ba", "import_time": "2025-01-07T15:53:25.198549801Z", "modified_time": "2025-01-07T15:17:56Z", + "sha256": "62221769774a8b1379cf87256d847c23b08155088aa7dfd78c01d78ffba5e9ba", + "source": "ossf-package-analysis", "versions": [ "1.0.1" ] + }, + { + "import_time": "2025-01-07T15:53:25.353489496Z", + "modified_time": "2025-01-07T15:35:45Z", + "sha256": "80696b814c9a20ed7aa8c27772abf60d9b33ea85a24eb5699b90c75f802f2fe2", + "source": "ossf-package-analysis", + "versions": [ + "1.0.2" + ] } ] } 
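Review bot: After the 80696b81… origin is folded into MAL-2025-28, affected.versions lists 1.0.1 and 1.0.2 but the details text still reads `identified 'cursor-retrieval' @ 1.0.1 (npm) as malicious` and carries a single `## Source:` section, so the finding text for 1.0.2 that lived in the deleted MAL-0000-…-80696b814c9a20ed.json record is dropped from the human-readable part of the advisory. It looks as if the per-source sections are keyed by source name rather than by origin sha256, so a second report from the same source is silently discarded; that is inferred from this hunk and should be confirmed in the merge tool. Either key the sections by (source, sha256) so every origin's reasoning survives, or at least rewrite the retained line to `identified 'cursor-retrieval' @ 1.0.1, 1.0.2 (npm) as malicious`. Until then, consumers should match on affected.versions and not on the versions quoted in details.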
diff --git a/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-1c0d7191f53edcbd.json b/osv/malicious/npm/cursor-shadow-workspace/MAL-2025-29.json similarity index 69% rename from osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-1c0d7191f53edcbd.json rename to osv/malicious/npm/cursor-shadow-workspace/MAL-2025-29.json index b4aea4ec75..f992066d02 100644 --- a/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-1c0d7191f53edcbd.json +++ b/osv/malicious/npm/cursor-shadow-workspace/MAL-2025-29.json @@ -2,9 +2,9 @@ "modified": "2025-01-07T15:36:08Z", "published": "2025-01-07T15:36:08Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2025-29", "summary": "Malicious code in cursor-shadow-workspace (npm)", - "details": "The OpenSSF Package Analysis project identified 'cursor-shadow-workspace' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (1c0d7191f53edcbd6d8459f64259fb12d6390bc73fffef3e045a073875f0f91f)\nThe OpenSSF Package Analysis project identified 'cursor-shadow-workspace' @ 1.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { @@ -29,10 +29,10 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ossf-package-analysis", - "sha256": "1c0d7191f53edcbd6d8459f64259fb12d6390bc73fffef3e045a073875f0f91f", "import_time": "2025-01-07T15:53:25.399169375Z", "modified_time": "2025-01-07T15:36:08Z", + "sha256": "1c0d7191f53edcbd6d8459f64259fb12d6390bc73fffef3e045a073875f0f91f", + "source": "ossf-package-analysis", "versions": [ "1.0.2" ] 
diff --git a/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-3794063e1fdfda5e.json b/osv/malicious/npm/jpl-branding/MAL-2025-30.json similarity index 65% rename from osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-3794063e1fdfda5e.json rename to osv/malicious/npm/jpl-branding/MAL-2025-30.json index a5f686be33..ac78501367 100644 --- a/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-3794063e1fdfda5e.json +++ b/osv/malicious/npm/jpl-branding/MAL-2025-30.json @@ -2,9 +2,9 @@ "modified": "2025-01-07T15:05:44Z", "published": "2025-01-07T15:05:44Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2025-30", "summary": "Malicious code in jpl-branding (npm)", - "details": "The OpenSSF Package Analysis project identified 'jpl-branding' @ 2.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (3794063e1fdfda5e6f34e623a6ff58b9be119adb03e613206f3be17e3a5fd0e9)\nThe OpenSSF Package Analysis project identified 'jpl-branding' @ 2.0.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", "affected": [ { "package": { @@ -29,10 +29,10 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ossf-package-analysis", - "sha256": "3794063e1fdfda5e6f34e623a6ff58b9be119adb03e613206f3be17e3a5fd0e9", "import_time": "2025-01-07T15:53:25.09381726Z", "modified_time": "2025-01-07T15:05:44Z", + "sha256": "3794063e1fdfda5e6f34e623a6ff58b9be119adb03e613206f3be17e3a5fd0e9", + "source": "ossf-package-analysis", "versions": [ "2.0.2" ] 
From a44b8dea27cacd2637896fb9033e089a34e9d49f Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 16:18:35 +0000 Subject: [PATCH 21/32] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-a31b5e92c54e6006.json | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-a31b5e92c54e6006.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index 0ca6487e95..33c71e4cd3 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20250107/094014-npm-electron-builder-13-13.4.5.json + confident/: confident/20250107/102445-npm-electron-builder-13-13.6.5.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json diff --git a/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-a31b5e92c54e6006.json b/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-a31b5e92c54e6006.json new file mode 100644 index 0000000000..28cf898a4e --- /dev/null +++ b/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-a31b5e92c54e6006.json 
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T16:17:48Z", + "published": "2025-01-07T16:17:48Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in cursor-shadow-workspace (npm)", + "details": "The OpenSSF Package Analysis project identified 'cursor-shadow-workspace' @ 1.0.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "cursor-shadow-workspace" + }, + "versions": [ + "1.0.3" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "a31b5e92c54e600697bfe041fe85ea104f7de0c4f1f2151542a6980aa48890bd", + "import_time": "2025-01-07T16:18:30.343177305Z", + "modified_time": "2025-01-07T16:17:48Z", + "versions": [ + "1.0.3" + ] + } + ] + } +} From 25bb42e3a86078312ba989353545133060932ade Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 16:19:18 +0000 Subject: [PATCH 22/32] Assign IDs --- ...ssf-package-analysis-a31b5e92c54e6006.json | 42 ------------------- .../cursor-shadow-workspace/MAL-2025-29.json | 18 ++++++-- 2 files changed, 14 insertions(+), 46 deletions(-) delete mode 100644 osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-a31b5e92c54e6006.json diff --git a/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-a31b5e92c54e6006.json b/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-a31b5e92c54e6006.json deleted file mode 100644 index 28cf898a4e..0000000000 --- a/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-a31b5e92c54e6006.json +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - "modified": "2025-01-07T16:17:48Z", - "published": "2025-01-07T16:17:48Z", - "schema_version": "1.5.0", - "id": "", - "summary": "Malicious code in cursor-shadow-workspace (npm)", - "details": "The OpenSSF Package Analysis project identified 'cursor-shadow-workspace' @ 1.0.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "cursor-shadow-workspace" - }, - "versions": [ - "1.0.3" - ] - } - ], - "credits": [ - { - "name": "OpenSSF: Package Analysis", - "type": "FINDER", - "contact": [ - "https://github.com/ossf/package-analysis", - "https://openssf.slack.com/channels/package_analysis" - ] - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ossf-package-analysis", - "sha256": "a31b5e92c54e600697bfe041fe85ea104f7de0c4f1f2151542a6980aa48890bd", - "import_time": "2025-01-07T16:18:30.343177305Z", - "modified_time": "2025-01-07T16:17:48Z", - "versions": [ - "1.0.3" - ] - } - ] - } -} diff --git a/osv/malicious/npm/cursor-shadow-workspace/MAL-2025-29.json b/osv/malicious/npm/cursor-shadow-workspace/MAL-2025-29.json index f992066d02..020993fc8e 100644 --- a/osv/malicious/npm/cursor-shadow-workspace/MAL-2025-29.json +++ b/osv/malicious/npm/cursor-shadow-workspace/MAL-2025-29.json @@ -1,5 +1,5 @@ { - "modified": "2025-01-07T15:36:08Z", + "modified": "2025-01-07T16:19:02Z", "published": "2025-01-07T15:36:08Z", "schema_version": "1.5.0", "id": "MAL-2025-29", @@ -12,7 +12,8 @@ "name": "cursor-shadow-workspace" }, "versions": [ - "1.0.2" + "1.0.2", + "1.0.3" ] } ], 
@@ -29,13 +30,22 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "1c0d7191f53edcbd6d8459f64259fb12d6390bc73fffef3e045a073875f0f91f", "import_time": "2025-01-07T15:53:25.399169375Z", "modified_time": "2025-01-07T15:36:08Z", - "sha256": "1c0d7191f53edcbd6d8459f64259fb12d6390bc73fffef3e045a073875f0f91f", - "source": "ossf-package-analysis", "versions": [ "1.0.2" ] + }, + { + "source": "ossf-package-analysis", + "sha256": "a31b5e92c54e600697bfe041fe85ea104f7de0c4f1f2151542a6980aa48890bd", + "import_time": "2025-01-07T16:18:30.343177305Z", + "modified_time": "2025-01-07T16:17:48Z", + "versions": [ + "1.0.3" + ] } ] } From 04dafe07c6911d6960cb606f8decf8a2cf8aa7da Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 16:43:53 +0000 Subject: [PATCH 23/32] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-6fc7d792ebeefb0b.json | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/innocent-package/MAL-0000-ossf-package-analysis-6fc7d792ebeefb0b.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index 33c71e4cd3..cd7d3f957d 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20250107/102445-npm-electron-builder-13-13.6.5.json + confident/: confident/20250107/102753-npm-electron-builder-13-13.7.5.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json diff --git a/osv/malicious/npm/innocent-package/MAL-0000-ossf-package-analysis-6fc7d792ebeefb0b.json b/osv/malicious/npm/innocent-package/MAL-0000-ossf-package-analysis-6fc7d792ebeefb0b.json new file mode 100644 index 0000000000..40366dfae7 --- /dev/null +++ b/osv/malicious/npm/innocent-package/MAL-0000-ossf-package-analysis-6fc7d792ebeefb0b.json 
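Review bot: The origin entries in this hunk are written with `source` and `sha256` ahead of `import_time` and `modified_time`, which reverses the alphabetical key order the previous Assign-IDs commit put into the same file, so successive bot runs reorder keys whose values did not change. That churn hides the real change (the new a31b5e92… origin and the added 1.0.3 version) inside noise and makes the per-origin history of a MAL record harder to audit from git. The ingest and the ID-assignment paths should share one canonical serializer, either sorted keys or a fixed field order, so a record round-trips byte-identically when nothing semantic changed. Both hunks of this change are complete in view.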
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T16:41:34Z", + "published": "2025-01-07T16:41:34Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in innocent-package (npm)", + "details": "The OpenSSF Package Analysis project identified 'innocent-package' @ 1.0.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "innocent-package" + }, + "versions": [ + "1.0.3" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "6fc7d792ebeefb0b83aeaecc6964d6288dced704804e70e6d7531b6a6dffc4a2", + "import_time": "2025-01-07T16:43:45.01911972Z", + "modified_time": "2025-01-07T16:41:34Z", + "versions": [ + "1.0.3" + ] + } + ] + } +} From 85f0f1d81aa117997474b1f1ab39f769f3e3ace7 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 16:44:35 +0000 Subject: [PATCH 24/32] Assign IDs --- osv/malicious/.id-allocator | 2 +- ...ge-analysis-6fc7d792ebeefb0b.json => MAL-2025-31.json} | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) rename osv/malicious/npm/innocent-package/{MAL-0000-ossf-package-analysis-6fc7d792ebeefb0b.json => MAL-2025-31.json} (69%) diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator index a01310a185..30f2b92953 100644 --- a/osv/malicious/.id-allocator +++ b/osv/malicious/.id-allocator @@ -1 +1 @@ -0affa6a1386f7acc3ab617fa43e6752f5377e02322483f75e88e8ec835745202 \ No newline at end of file +2531b5dd309787a220b04ec754c54d1a59752a4e142acd9888c71a2afff9cfdb \ No newline at end of file 
diff --git a/osv/malicious/npm/innocent-package/MAL-0000-ossf-package-analysis-6fc7d792ebeefb0b.json b/osv/malicious/npm/innocent-package/MAL-2025-31.json similarity index 69% rename from osv/malicious/npm/innocent-package/MAL-0000-ossf-package-analysis-6fc7d792ebeefb0b.json rename to osv/malicious/npm/innocent-package/MAL-2025-31.json index 40366dfae7..95c3d0e384 100644 --- a/osv/malicious/npm/innocent-package/MAL-0000-ossf-package-analysis-6fc7d792ebeefb0b.json +++ b/osv/malicious/npm/innocent-package/MAL-2025-31.json @@ -2,9 +2,9 @@ "modified": "2025-01-07T16:41:34Z", "published": "2025-01-07T16:41:34Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2025-31", "summary": "Malicious code in innocent-package (npm)", - "details": "The OpenSSF Package Analysis project identified 'innocent-package' @ 1.0.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (6fc7d792ebeefb0b83aeaecc6964d6288dced704804e70e6d7531b6a6dffc4a2)\nThe OpenSSF Package Analysis project identified 'innocent-package' @ 1.0.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { @@ -29,10 +29,10 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ossf-package-analysis", - "sha256": "6fc7d792ebeefb0b83aeaecc6964d6288dced704804e70e6d7531b6a6dffc4a2", "import_time": "2025-01-07T16:43:45.01911972Z", "modified_time": "2025-01-07T16:41:34Z", + "sha256": "6fc7d792ebeefb0b83aeaecc6964d6288dced704804e70e6d7531b6a6dffc4a2", + "source": "ossf-package-analysis", "versions": [ "1.0.3" ] From dd97be0cc7bcd70f871506c033d1f953feb8763b Mon Sep 17 00:00:00 2001 
From: github-actions Date: Tue, 7 Jan 2025 17:05:24 +0000 Subject: [PATCH 25/32] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-892fb0c88b76b1c0.json | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index cd7d3f957d..fc70c88984 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20250107/102753-npm-electron-builder-13-13.7.5.json + confident/: confident/20250107/120555-npm-ecpfs-react-jest-helpers-2.0.1-v1.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json diff --git a/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json b/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json new file mode 100644 index 0000000000..0709d1cf29 --- /dev/null +++ b/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json 
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T16:48:44Z", + "published": "2025-01-07T16:48:44Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in jpl-branding (npm)", + "details": "The OpenSSF Package Analysis project identified 'jpl-branding' @ 2.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "jpl-branding" + }, + "versions": [ + "2.0.5" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "892fb0c88b76b1c0084bc08bac814a9d0f9412bebd8cfef9b8b652919a0159ac", + "import_time": "2025-01-07T17:05:22.021706432Z", + "modified_time": "2025-01-07T16:48:44Z", + "versions": [ + "2.0.5" + ] + } + ] + } +} From a83a7331a9b155d59bac60171ae042e183f54293 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 17:06:02 +0000 Subject: [PATCH 26/32] Assign IDs --- ...ssf-package-analysis-892fb0c88b76b1c0.json | 42 ------------------- .../npm/jpl-branding/MAL-2025-30.json | 18 ++++++-- 2 files changed, 14 insertions(+), 46 deletions(-) delete mode 100644 osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json diff --git a/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json b/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json deleted file mode 100644 index 0709d1cf29..0000000000 --- a/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - "modified": "2025-01-07T16:48:44Z", - "published": "2025-01-07T16:48:44Z", - "schema_version": "1.5.0", - "id": "", - "summary": "Malicious code in jpl-branding (npm)", - "details": "The OpenSSF Package Analysis project identified 'jpl-branding' @ 2.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "jpl-branding" - }, - "versions": [ - "2.0.5" - ] - } - ], - "credits": [ - { - "name": "OpenSSF: Package Analysis", - "type": "FINDER", - "contact": [ - "https://github.com/ossf/package-analysis", - "https://openssf.slack.com/channels/package_analysis" - ] - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ossf-package-analysis", - "sha256": "892fb0c88b76b1c0084bc08bac814a9d0f9412bebd8cfef9b8b652919a0159ac", - "import_time": "2025-01-07T17:05:22.021706432Z", - "modified_time": "2025-01-07T16:48:44Z", - "versions": [ - "2.0.5" - ] - } - ] - } -} diff --git a/osv/malicious/npm/jpl-branding/MAL-2025-30.json b/osv/malicious/npm/jpl-branding/MAL-2025-30.json index ac78501367..4a37998820 100644 --- a/osv/malicious/npm/jpl-branding/MAL-2025-30.json +++ b/osv/malicious/npm/jpl-branding/MAL-2025-30.json @@ -1,5 +1,5 @@ { - "modified": "2025-01-07T15:05:44Z", + "modified": "2025-01-07T17:05:48Z", "published": "2025-01-07T15:05:44Z", "schema_version": "1.5.0", "id": "MAL-2025-30", @@ -12,7 +12,8 @@ "name": "jpl-branding" }, "versions": [ - "2.0.2" + "2.0.2", + "2.0.5" ] } ], 
@@ -29,13 +30,22 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "3794063e1fdfda5e6f34e623a6ff58b9be119adb03e613206f3be17e3a5fd0e9", "import_time": "2025-01-07T15:53:25.09381726Z", "modified_time": "2025-01-07T15:05:44Z", - "sha256": "3794063e1fdfda5e6f34e623a6ff58b9be119adb03e613206f3be17e3a5fd0e9", - "source": "ossf-package-analysis", "versions": [ "2.0.2" ] + }, + { + "source": "ossf-package-analysis", + "sha256": "892fb0c88b76b1c0084bc08bac814a9d0f9412bebd8cfef9b8b652919a0159ac", + "import_time": "2025-01-07T17:05:22.021706432Z", + "modified_time": "2025-01-07T16:48:44Z", + "versions": [ + "2.0.5" + ] } ] } From 4193a6f0eef5936b1a074e5e8ab561bcc2cad325 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 19:05:09 +0000 Subject: [PATCH 27/32] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-a1de12e14dd0d0dd.json | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-a1de12e14dd0d0dd.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index fc70c88984..ccb97e212b 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20250107/120555-npm-ecpfs-react-jest-helpers-2.0.1-v1.json + confident/: confident/20250107/123306-npm-@patternfly-v5/patternfly-1.0.2.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json diff --git a/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-a1de12e14dd0d0dd.json b/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-a1de12e14dd0d0dd.json new file mode 100644 index 0000000000..2a1e71d23b --- /dev/null +++ b/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-a1de12e14dd0d0dd.json 
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T18:50:52Z", + "published": "2025-01-07T18:50:52Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in jpl-branding (npm)", + "details": "The OpenSSF Package Analysis project identified 'jpl-branding' @ 2.0.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "jpl-branding" + }, + "versions": [ + "2.0.7" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "a1de12e14dd0d0dd4ad7db981fad96e1dbf53c46f88fe30c8637ce87ba6821df", + "import_time": "2025-01-07T19:05:07.234292898Z", + "modified_time": "2025-01-07T18:50:52Z", + "versions": [ + "2.0.7" + ] + } + ] + } +} From fe061b2355e51f442c8b6d75cf69226146276bb7 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 19:05:44 +0000 Subject: [PATCH 28/32] Assign IDs --- ...ssf-package-analysis-a1de12e14dd0d0dd.json | 42 ------------------- .../npm/jpl-branding/MAL-2025-30.json | 14 ++++++- 2 files changed, 12 insertions(+), 44 deletions(-) delete mode 100644 osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-a1de12e14dd0d0dd.json diff --git a/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-a1de12e14dd0d0dd.json b/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-a1de12e14dd0d0dd.json deleted file mode 100644 index 2a1e71d23b..0000000000 --- a/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-a1de12e14dd0d0dd.json +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - "modified": "2025-01-07T18:50:52Z", - "published": "2025-01-07T18:50:52Z", - "schema_version": "1.5.0", - "id": "", - "summary": "Malicious code in jpl-branding (npm)", - "details": "The OpenSSF Package Analysis project identified 'jpl-branding' @ 2.0.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "jpl-branding" - }, - "versions": [ - "2.0.7" - ] - } - ], - "credits": [ - { - "name": "OpenSSF: Package Analysis", - "type": "FINDER", - "contact": [ - "https://github.com/ossf/package-analysis", - "https://openssf.slack.com/channels/package_analysis" - ] - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ossf-package-analysis", - "sha256": "a1de12e14dd0d0dd4ad7db981fad96e1dbf53c46f88fe30c8637ce87ba6821df", - "import_time": "2025-01-07T19:05:07.234292898Z", - "modified_time": "2025-01-07T18:50:52Z", - "versions": [ - "2.0.7" - ] - } - ] - } -} diff --git a/osv/malicious/npm/jpl-branding/MAL-2025-30.json b/osv/malicious/npm/jpl-branding/MAL-2025-30.json index 4a37998820..6a8eddf94b 100644 --- a/osv/malicious/npm/jpl-branding/MAL-2025-30.json +++ b/osv/malicious/npm/jpl-branding/MAL-2025-30.json @@ -1,5 +1,5 @@ { - "modified": "2025-01-07T17:05:48Z", + "modified": "2025-01-07T19:05:30Z", "published": "2025-01-07T15:05:44Z", "schema_version": "1.5.0", "id": "MAL-2025-30", @@ -13,7 +13,8 @@ }, "versions": [ "2.0.2", - "2.0.5" + "2.0.5", + "2.0.7" ] } ], @@ -46,6 +47,15 @@ "versions": [ "2.0.5" ] + }, + { + "source": "ossf-package-analysis", + "sha256": "a1de12e14dd0d0dd4ad7db981fad96e1dbf53c46f88fe30c8637ce87ba6821df", + "import_time": "2025-01-07T19:05:07.234292898Z", + "modified_time": "2025-01-07T18:50:52Z", + "versions": [ + "2.0.7" + ] } ] } From e85a89aa974154ec7a9241d1815060e1a1c9270a Mon Sep 17 00:00:00 2001 
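Review bot: MAL-2025-30 now lists jpl-branding 2.0.2, 2.0.5 and 2.0.7, leaving 2.0.3, 2.0.4 and 2.0.6 unmentioned, and nothing in the record says whether those releases were analyzed and found clean or simply never sampled. A consumer that matches on exact versions will treat the gaps as safe, which is a risky reading for a name that keeps receiving fresh malicious publishes within hours and whose 2.0.7 report differs in its reasons from the 2.0.2 and 2.0.5 reports. If repository policy permits it for a package that exists only to be malicious, an ECOSYSTEM range with `"events": [{"introduced": "0"}]` would close the gap; otherwise a one-line note in the free-text part of details above the `Per source details` marker, stating that only sandbox-flagged versions are listed, would at least make the limitation explicit. Whether the intermediate versions were ever published cannot be told from this diff.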
From: github-actions Date: Tue, 7 Jan 2025 20:05:47 +0000 Subject: [PATCH 29/32] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-71bfac5a5597cde4.json | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/hts-open-dex-react-ui/MAL-0000-ossf-package-analysis-71bfac5a5597cde4.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index ccb97e212b..174352ea33 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20250107/123306-npm-@patternfly-v5/patternfly-1.0.2.json + confident/: confident/20250107/150544-npm-jpl-branding-2.0.2.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json diff --git a/osv/malicious/npm/hts-open-dex-react-ui/MAL-0000-ossf-package-analysis-71bfac5a5597cde4.json b/osv/malicious/npm/hts-open-dex-react-ui/MAL-0000-ossf-package-analysis-71bfac5a5597cde4.json new file mode 100644 index 0000000000..70d04c8f08 --- /dev/null +++ b/osv/malicious/npm/hts-open-dex-react-ui/MAL-0000-ossf-package-analysis-71bfac5a5597cde4.json 
@@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T19:51:10Z", + "published": "2025-01-07T19:51:10Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in hts-open-dex-react-ui (npm)", + "details": "The OpenSSF Package Analysis project identified 'hts-open-dex-react-ui' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "hts-open-dex-react-ui" + }, + "versions": [ + "1.0.0" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "71bfac5a5597cde45524360e887ab5bed0c9e5b8c5337ac9c0728b677529de56", + "import_time": "2025-01-07T20:05:44.842180117Z", + "modified_time": "2025-01-07T19:51:10Z", + "versions": [ + "1.0.0" + ] + } + ] + } +} From 9cf672cb32be71d068d4e2f47f2e766577d51928 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 20:06:35 +0000 Subject: [PATCH 30/32] Assign IDs --- osv/malicious/.id-allocator | 2 +- ...ge-analysis-71bfac5a5597cde4.json => MAL-2025-32.json} | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) rename osv/malicious/npm/hts-open-dex-react-ui/{MAL-0000-ossf-package-analysis-71bfac5a5597cde4.json => MAL-2025-32.json} (69%) diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator index 30f2b92953..59b7f9f787 100644 --- a/osv/malicious/.id-allocator +++ b/osv/malicious/.id-allocator @@ -1 +1 @@ -2531b5dd309787a220b04ec754c54d1a59752a4e142acd9888c71a2afff9cfdb \ No newline at end of file +42a0312f40357e1b674ef276ef40e4747e4d748c225baf4b689b58a439297507 \ No newline at end of file 
diff --git a/osv/malicious/npm/hts-open-dex-react-ui/MAL-0000-ossf-package-analysis-71bfac5a5597cde4.json b/osv/malicious/npm/hts-open-dex-react-ui/MAL-2025-32.json similarity index 69% rename from osv/malicious/npm/hts-open-dex-react-ui/MAL-0000-ossf-package-analysis-71bfac5a5597cde4.json rename to osv/malicious/npm/hts-open-dex-react-ui/MAL-2025-32.json index 70d04c8f08..e16c1e4eaa 100644 --- a/osv/malicious/npm/hts-open-dex-react-ui/MAL-0000-ossf-package-analysis-71bfac5a5597cde4.json +++ b/osv/malicious/npm/hts-open-dex-react-ui/MAL-2025-32.json @@ -2,9 +2,9 @@ "modified": "2025-01-07T19:51:10Z", "published": "2025-01-07T19:51:10Z", "schema_version": "1.5.0", - "id": "", + "id": "MAL-2025-32", "summary": "Malicious code in hts-open-dex-react-ui (npm)", - "details": "The OpenSSF Package Analysis project identified 'hts-open-dex-react-ui' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (71bfac5a5597cde45524360e887ab5bed0c9e5b8c5337ac9c0728b677529de56)\nThe OpenSSF Package Analysis project identified 'hts-open-dex-react-ui' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", "affected": [ { "package": { @@ -29,10 +29,10 @@ "database_specific": { "malicious-packages-origins": [ { - "source": "ossf-package-analysis", - "sha256": "71bfac5a5597cde45524360e887ab5bed0c9e5b8c5337ac9c0728b677529de56", "import_time": "2025-01-07T20:05:44.842180117Z", "modified_time": "2025-01-07T19:51:10Z", + "sha256": "71bfac5a5597cde45524360e887ab5bed0c9e5b8c5337ac9c0728b677529de56", + "source": "ossf-package-analysis", "versions": [ "1.0.0" ] From 37985b783869d1e0ff0437bd45f5b3b4c8c53388 Mon Sep 17 00:00:00 2001 
From: github-actions Date: Tue, 7 Jan 2025 21:34:19 +0000 Subject: [PATCH 31/32] Ingest OSV - Cloud Storage --- config/start-keys.yaml | 2 +- ...ssf-package-analysis-e6a313e85b86bd18.json | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 osv/malicious/npm/pre-commit-tasks/MAL-0000-ossf-package-analysis-e6a313e85b86bd18.json diff --git a/config/start-keys.yaml b/config/start-keys.yaml index 174352ea33..156ce23921 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20250107/150544-npm-jpl-branding-2.0.2.json + confident/: confident/20250107/151756-npm-cursor-retrieval-1.0.1.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json diff --git a/osv/malicious/npm/pre-commit-tasks/MAL-0000-ossf-package-analysis-e6a313e85b86bd18.json b/osv/malicious/npm/pre-commit-tasks/MAL-0000-ossf-package-analysis-e6a313e85b86bd18.json new file mode 100644 index 0000000000..c2d45ffccb --- /dev/null +++ b/osv/malicious/npm/pre-commit-tasks/MAL-0000-ossf-package-analysis-e6a313e85b86bd18.json 
@@ -0,0 +1,42 @@
+{
+ "modified": "2025-01-07T21:21:19Z",
+ "published": "2025-01-07T21:21:19Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in pre-commit-tasks (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'pre-commit-tasks' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "pre-commit-tasks"
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "e6a313e85b86bd18cc3783b02bd3c22c5ec6a6b1c46356322f3dc714fef382e8",
+ "import_time": "2025-01-07T21:34:17.534272517Z",
+ "modified_time": "2025-01-07T21:21:19Z",
+ "versions": [
+ "1.0.0"
+ ]
+ }
+ ]
+ }
+}
From 807c4f50c25dc838e09c853052a625783be95a0e Mon Sep 17 00:00:00 2001
From: github-actions
Date: Tue, 7 Jan 2025 21:34:55 +0000
Subject: [PATCH 32/32] Assign IDs
---
 osv/malicious/.id-allocator | 2 +-
 ...ge-analysis-e6a313e85b86bd18.json => MAL-2025-33.json} | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename osv/malicious/npm/pre-commit-tasks/{MAL-0000-ossf-package-analysis-e6a313e85b86bd18.json => MAL-2025-33.json} (69%)
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator
index 59b7f9f787..d2bc8defdf 100644
--- a/osv/malicious/.id-allocator
+++ b/osv/malicious/.id-allocator
@@ -1 +1 @@
-42a0312f40357e1b674ef276ef40e4747e4d748c225baf4b689b58a439297507
\ No newline at end of file
+63643a4cad9a0f03f82e884cfcb74e14040bad3900e4682c6f5f514edfc111d6
\ No newline at end of file
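Review bot: The record is committed with `"id": ""` under a `MAL-0000-…` placeholder path, while the OSV schema requires `id` to be a non-empty identifier, so anything that consumes this repository at this commit rather than after the following "Assign IDs" commit receives an invalid entry. Folding the ID assignment into the ingest commit, or committing only once `id` is populated, would close that window. If the two-step flow is deliberate, a short note in the ingestion workflow stating that `MAL-0000-*` files are transient and must not be consumed directly would help reviewers and downstream mirrors. The `details` text is also rewritten into the `Per source details` block one commit later, so the record changes shape twice within a minute.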
diff --git a/osv/malicious/npm/pre-commit-tasks/MAL-0000-ossf-package-analysis-e6a313e85b86bd18.json b/osv/malicious/npm/pre-commit-tasks/MAL-2025-33.json
similarity index 69%
rename from osv/malicious/npm/pre-commit-tasks/MAL-0000-ossf-package-analysis-e6a313e85b86bd18.json
rename to osv/malicious/npm/pre-commit-tasks/MAL-2025-33.json
index c2d45ffccb..f63c141287 100644
--- a/osv/malicious/npm/pre-commit-tasks/MAL-0000-ossf-package-analysis-e6a313e85b86bd18.json
+++ b/osv/malicious/npm/pre-commit-tasks/MAL-2025-33.json
@@ -2,9 +2,9 @@
 "modified": "2025-01-07T21:21:19Z",
 "published": "2025-01-07T21:21:19Z",
 "schema_version": "1.5.0",
- "id": "",
+ "id": "MAL-2025-33",
 "summary": "Malicious code in pre-commit-tasks (npm)",
- "details": "The OpenSSF Package Analysis project identified 'pre-commit-tasks' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+ "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (e6a313e85b86bd18cc3783b02bd3c22c5ec6a6b1c46356322f3dc714fef382e8)\nThe OpenSSF Package Analysis project identified 'pre-commit-tasks' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
 "affected": [
 {
 "package": {
@@ -29,10 +29,10 @@
 "database_specific": {
 "malicious-packages-origins": [
 {
- "source": "ossf-package-analysis",
- "sha256": "e6a313e85b86bd18cc3783b02bd3c22c5ec6a6b1c46356322f3dc714fef382e8",
 "import_time": "2025-01-07T21:34:17.534272517Z",
 "modified_time": "2025-01-07T21:21:19Z",
+ "sha256": "e6a313e85b86bd18cc3783b02bd3c22c5ec6a6b1c46356322f3dc714fef382e8",
+ "source": "ossf-package-analysis",
 "versions": [
 "1.0.0"
 ]
