THREATPKG
SYNC STALE
Supply-chain threat intelligence
Incident detail
Risk score
92
AI summary
Indexed incident for vg-interaction-model (npm).
Description
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (aba91a5b2aeb99e94b28109825a7ac069669d39c12c118fd37d9ef70afe63261)
The OpenSSF Package Analysis project identified 'vg-interaction-model' @ 40.0.1 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
Technical details
Affected versions
<function fixed() { [native code] }
Indicators
- affected_version<function fixed() { [native code] }75%
- affected_version<function fixed() { [native code] }75%
Timeline
- Advisory published
- Indexed by ThreatPkg
Related incidents
- Malicious code in fundraiserserv (npm)fundraiserserv92
- Malicious code in sourceflow-tracker (npm)sourceflow-tracker92
- Malicious code in page-info-service (npm)page-info-service92
- Malicious code in po-ops-local-dev (npm)po-ops-local-dev92
- Malicious code in @att-ebiz/abs-components-bc (npm)@att-ebiz/abs-components-bc92