Lucene search
GoogleOSV:MAL-2024-992HistoryFeb 12, 2024 - 1:31 a.m.
Malicious code in en-calendar (npm)
2024-02-1201:31:58
Google
osv.dev
6
malicious
en-calendar
npm
package
command execution
7.4 High
AI Score
Confidence
High
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (0cc66d6eb2f773deb786b69bc29863caf4091bd2bd1f9fe0b7fdaa6fe14aca89)
The OpenSSF Package Analysis project identified βen-calendarβ @ 1.0.1 (npm) as malicious.
It is considered malicious because:
- The package executes one or more commands associated with malicious behavior.
| CPE | Name | Operator | Version |
|---|---|---|---|
| en-calendar | eq | 1.0.1 | |
| en-calendar | eq | 3.3.9991 | |
| en-calendar | eq | 3.3.99991 | |
| en-calendar | eq | 1.0.2 | |
| en-calendar | eq | 3.3.999 |
7.4 High
AI Score
Confidence
High