{"id":"MAL-2024-131","summary":"Malicious code in pd-ui-kit (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (b46ebcb2f76102916a1ab764b5af360b8c6cdd1dc56a269538132bcc4e307983)\nThe OpenSSF Package Analysis project identified 'pd-ui-kit' @ 1.5.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-06-28T02:53:17Z","published":"2024-01-18T05:30:41Z","database_specific":{"malicious-packages-origins":[{"versions":["1.5.1"],"sha256":"b46ebcb2f76102916a1ab764b5af360b8c6cdd1dc56a269538132bcc4e307983","import_time":"2024-01-18T05:34:01.342338076Z","source":"ossf-package-analysis","modified_time":"2024-01-18T05:30:41Z"},{"versions":["1.5.2"],"sha256":"13b719e4d6572debdb0b19bbc365d81e3d2472307e0b0c28b510a6ff66b33609","import_time":"2024-01-18T06:05:52.90950702Z","source":"ossf-package-analysis","modified_time":"2024-01-18T05:41:15Z"},{"versions":["1.5.3"],"sha256":"8577aba9d50450d277745b23ea4f1f3787892783c33e8a3ef412752dc6da0804","import_time":"2024-01-18T07:05:01.380803744Z","source":"ossf-package-analysis","modified_time":"2024-01-18T06:43:41Z"},{"versions":["1.5.5"],"sha256":"f1803bd4826552362f764a0cdf450449af2fedd9f527cdbe957015265df6449d","import_time":"2024-01-18T07:05:01.323184066Z","source":"ossf-package-analysis","modified_time":"2024-01-18T06:43:32Z"},{"versions":["1.5.4"],"sha256":"f7f1cce471b24c36b9089cfa4c2711283dd150b5f0cbacc93d57f78e96beb085","import_time":"2024-01-18T07:05:01.256442053Z","source":"ossf-package-analysis","modified_time":"2024-01-18T06:42:22Z"},{"id":"RLMA-2024-01570","versions":["1.5.4","1.0.0","1.5.2","1.5.1","1.5.5","1.0.2","1.0.3","1.5.3","1.5.0"],"sha256":"1dbf674ae9a1a0591e55377797c869e4bbf407d392e1fe5bc6af54c3796ee006","import_time":"2024-06-28T02:44:23.330089285Z","source":"reversing-labs","modified_time":"2024-06-25T12:55:35Z"}]},"affected":[{"package":{"name":"pd-ui-kit","ecosystem":"npm","purl":"pkg:npm/pd-ui-kit"},"versions":["1.5.1","1.5.2","1.5.3","1.5.5","1.5.4","1.0.0","1.0.2","1.0.3","1.5.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pd-ui-kit/MAL-2024-131.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}