{"id":"MAL-2024-10310","summary":"Malicious code in @captivateiq/events (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (8fc4737a464a63150ee660fef685ac907d15745ab89d4dea2872f3896362f599)\nThe OpenSSF Package Analysis project identified '@captivateiq/events' @ 19.3.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2024-11-02T23:35:12Z","published":"2024-11-02T20:19:14Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2024-11-02T20:19:14Z","import_time":"2024-11-02T20:34:28.896831442Z","versions":["1.0.0"],"sha256":"de34c3e6a90854a18935e1aa2147bc881174a3a3fe9a7821246ca63e61ae4d8c","source":"ossf-package-analysis"},{"modified_time":"2024-11-02T21:42:46Z","import_time":"2024-11-02T22:05:55.83630091Z","versions":["19.3.9"],"sha256":"8fc4737a464a63150ee660fef685ac907d15745ab89d4dea2872f3896362f599","source":"ossf-package-analysis"},{"modified_time":"2024-11-02T22:14:11Z","import_time":"2024-11-02T22:35:36.794192241Z","versions":["20.3.9"],"sha256":"104e5fc106ccda2bfeb62d02a20d4bca1252ab9ecf230103cdd5c172d36a1ba6","source":"ossf-package-analysis"},{"modified_time":"2024-11-02T22:21:07Z","import_time":"2024-11-02T22:35:36.975113719Z","versions":["21.3.9"],"sha256":"a47260c801490a72e06685a14c5338f2c083fc7d7e4f65b5e3c9c52c62497d09","source":"ossf-package-analysis"},{"modified_time":"2024-11-02T23:22:18Z","import_time":"2024-11-02T23:34:44.656409514Z","versions":["22.3.9"],"sha256":"d7de5c434188b0a7777a1a05ae80ae274fd2355b203931556ed22dc84db5862e","source":"ossf-package-analysis"}]},"affected":[{"package":{"name":"@captivateiq/events","ecosystem":"npm","purl":"pkg:npm/%40captivateiq/events"},"versions":["1.0.0","19.3.9","20.3.9","21.3.9","22.3.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@captivateiq/events/MAL-2024-10310.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}