From a83a7331a9b155d59bac60171ae042e183f54293 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 7 Jan 2025 17:06:02 +0000 Subject: [PATCH] Assign IDs --- ...ssf-package-analysis-892fb0c88b76b1c0.json | 42 ------------------- .../npm/jpl-branding/MAL-2025-30.json | 18 ++++++-- 2 files changed, 14 insertions(+), 46 deletions(-) delete mode 100644 osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json diff --git a/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json b/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json deleted file mode 100644 index 0709d1cf29..0000000000 --- a/osv/malicious/npm/jpl-branding/MAL-0000-ossf-package-analysis-892fb0c88b76b1c0.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "modified": "2025-01-07T16:48:44Z", - "published": "2025-01-07T16:48:44Z", - "schema_version": "1.5.0", - "id": "", - "summary": "Malicious code in jpl-branding (npm)", - "details": "The OpenSSF Package Analysis project identified 'jpl-branding' @ 2.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n", - "affected": [ - { - "package": { - "ecosystem": "npm", - "name": "jpl-branding" - }, - "versions": [ - "2.0.5" - ] - } - ], - "credits": [ - { - "name": "OpenSSF: Package Analysis", - "type": "FINDER", - "contact": [ - "https://github.com/ossf/package-analysis", - "https://openssf.slack.com/channels/package_analysis" - ] - } - ], - "database_specific": { - "malicious-packages-origins": [ - { - "source": "ossf-package-analysis", - "sha256": "892fb0c88b76b1c0084bc08bac814a9d0f9412bebd8cfef9b8b652919a0159ac", - "import_time": "2025-01-07T17:05:22.021706432Z", - "modified_time": "2025-01-07T16:48:44Z", - "versions": [ - "2.0.5" - ] - } - ] - } -} diff --git a/osv/malicious/npm/jpl-branding/MAL-2025-30.json b/osv/malicious/npm/jpl-branding/MAL-2025-30.json index ac78501367..4a37998820 100644 --- a/osv/malicious/npm/jpl-branding/MAL-2025-30.json +++ b/osv/malicious/npm/jpl-branding/MAL-2025-30.json @@ -1,5 +1,5 @@ { - "modified": "2025-01-07T15:05:44Z", + "modified": "2025-01-07T17:05:48Z", "published": "2025-01-07T15:05:44Z", "schema_version": "1.5.0", "id": "MAL-2025-30", @@ -12,7 +12,8 @@ "name": "jpl-branding" }, "versions": [ - "2.0.2" + "2.0.2", + "2.0.5" ] } ], @@ -29,13 +30,22 @@ "database_specific": { "malicious-packages-origins": [ { + "source": "ossf-package-analysis", + "sha256": "3794063e1fdfda5e6f34e623a6ff58b9be119adb03e613206f3be17e3a5fd0e9", "import_time": "2025-01-07T15:53:25.09381726Z", "modified_time": "2025-01-07T15:05:44Z", - "sha256": "3794063e1fdfda5e6f34e623a6ff58b9be119adb03e613206f3be17e3a5fd0e9", - "source": "ossf-package-analysis", "versions": [ "2.0.2" ] + }, + { + "source": "ossf-package-analysis", + "sha256": "892fb0c88b76b1c0084bc08bac814a9d0f9412bebd8cfef9b8b652919a0159ac", + "import_time": "2025-01-07T17:05:22.021706432Z", + "modified_time": "2025-01-07T16:48:44Z", + "versions": [ + "2.0.5" + ] } ] }