{"id":"MAL-2024-10311","summary":"Malicious code in @captivateiq/handsontable-ciq (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (ff5087a0a343a66ce310683b4fd7d9e169476f92ada3408d8dcc63fa1da6645a)\nThe OpenSSF Package Analysis project identified '@captivateiq/handsontable-ciq' @ 152.1.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2024-11-02T23:35:12Z","published":"2024-11-02T20:47:02Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","sha256":"599a5852b9eda74d5a6332139849d2d1453f122369ec02b7629e4ea77af243bf","import_time":"2024-11-02T21:05:03.188954542Z","modified_time":"2024-11-02T20:47:02Z","versions":["1.0.0"]},{"source":"ossf-package-analysis","sha256":"ff5087a0a343a66ce310683b4fd7d9e169476f92ada3408d8dcc63fa1da6645a","import_time":"2024-11-02T22:05:55.908762734Z","modified_time":"2024-11-02T21:44:50Z","versions":["152.1.5"]},{"source":"ossf-package-analysis","sha256":"854e1d67a15c62ccd0e73b5672cd5a1c611e64a8ca86961ba1977c72d976a568","import_time":"2024-11-02T22:35:36.716793051Z","modified_time":"2024-11-02T22:14:05Z","versions":["153.1.5"]},{"source":"ossf-package-analysis","sha256":"f53432c1402ee41d9fcee3fc122e437bbc2817a27d5dbca2561afdb8b58aa33a","import_time":"2024-11-02T22:35:36.88147619Z","modified_time":"2024-11-02T22:21:01Z","versions":["155.1.5"]},{"source":"ossf-package-analysis","sha256":"999c0da4aea46106a2f1be4f94ff05502f231eb6051e14c4854b7ff1dcb7fab8","import_time":"2024-11-02T23:34:44.570164379Z","modified_time":"2024-11-02T23:22:13Z","versions":["156.1.5"]}]},"affected":[{"package":{"name":"@captivateiq/handsontable-ciq","ecosystem":"npm","purl":"pkg:npm/%40captivateiq/handsontable-ciq"},"versions":["1.0.0","152.1.5","153.1.5","155.1.5","156.1.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@captivateiq/handsontable-ciq/MAL-2024-10311.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}