Title: Cxfd197ca1-b64b @ Npm-momnet-2.29.1 · Issue #52 · DefenderForCodeOrg/msft · GitHub
Open Graph Title: Cxfd197ca1-b64b @ Npm-momnet-2.29.1 · Issue #52 · DefenderForCodeOrg/msft
X Title: Cxfd197ca1-b64b @ Npm-momnet-2.29.1 · Issue #52 · DefenderForCodeOrg/msft
Description: Vulnerable Package issue exists @ Npm-momnet-2.29.1 in branch main This package was manually inspected by a security researcher and flagged as malicious About Classifying malicious packages is an internal process, analysis is done at sca...
Open Graph Description: Vulnerable Package issue exists @ Npm-momnet-2.29.1 in branch main This package was manually inspected by a security researcher and flagged as malicious About Classifying malicious packages is an i...
X Description: Vulnerable Package issue exists @ Npm-momnet-2.29.1 in branch main This package was manually inspected by a security researcher and flagged as malicious About Classifying malicious packages is an i...
Opengraph URL: https://github.com/DefenderForCodeOrg/msft/issues/52
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Cxfd197ca1-b64b @ Npm-momnet-2.29.1","articleBody":"**Vulnerable Package** issue exists @ **Npm\\-momnet\\-2\\.29\\.1** in branch **main**\r\n\r\nThis package was manually inspected by a security researcher and flagged as malicious\n### About\n\nClassifying malicious packages is an internal process, analysis is done at scale automatically via multiple engines. Once there's a risk suspicion, this is forwarded to a security researcher for a manual evaluation.\n\nAttackers take advantage of the excessive trust in the open-source ecosystem and launch software supply chain attacks in the form of code packages. \n\nThe risk of having a package with a malicious payload is high. It's a common behavior for most of the malicious payloads to execute itself automatically upon installing or using the package. \n\n\n\nWhile some dependency vulnerabilities have the privilege to be kept as known issue due to risk-management, same does not apply in the case of a malicious package, and it should be removed with the highest priority.\r\n\r\n**Namespace:** James-AST\r\n**Repository:** msft\r\n**Repository Url:** https://github.com/James-AST/msft\r\n**CxAST\\-Project:** James-AST/msft\r\n**CxAST platform scan:** [d217bf9e\\-499c\\-4ae8\\-a115\\-08b6cd62b182](https://ast.checkmarx.net/projects/fada48c7-0c49-472a-994a-763d8a847895/scans?id=d217bf9e-499c-4ae8-a115-08b6cd62b182\u0026branch=main)\r\n**Branch:** main\r\n**Application:** msft\r\n**Severity:** HIGH\r\n**State:** NOT_IGNORED\r\n**Status:** RECURRENT\r\n**CWE:** Malicious Package\r\n\r\n\r\n----\r\n**Addition Info**\r\n","author":{"url":"https://github.com/jbrotsos","@type":"Person","name":"jbrotsos"},"datePublished":"2022-06-16T16:40:05.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/52/msft/issues/52"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:9c141093-56cb-6cc4-118c-4af96c17616f |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | ADAE:3B72BF:13BD88B:1A82CC4:6A5AB66B |
| html-safe-nonce | f6551b4bf49681f78c799cb4835f21a22f9b11238ee73298c3498f1343d8e538 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBREFFOjNCNzJCRjoxM0JEODhCOjFBODJDQzQ6NkE1QUI2NkIiLCJ2aXNpdG9yX2lkIjoiOTAyNDE5MTQ4NzE3ODA5NDE4NyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 30a82d8ee581e03f9844cba83feb8347a52da4f511bb00f5cfafa276fe39a1f1 |
| hovercard-subject-tag | issue:1273823108 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/DefenderForCodeOrg/msft/52/issue_layout |
| twitter:image | https://opengraph.githubassets.com/95f9b69aead038a9882d29784f2c2d59979802b27d70e25845d58dbd8c15c8c1/DefenderForCodeOrg/msft/issues/52 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/95f9b69aead038a9882d29784f2c2d59979802b27d70e25845d58dbd8c15c8c1/DefenderForCodeOrg/msft/issues/52 |
| og:image:alt | Vulnerable Package issue exists @ Npm-momnet-2.29.1 in branch main This package was manually inspected by a security researcher and flagged as malicious About Classifying malicious packages is an i... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | jbrotsos |
| hostname | github.com |
| expected-hostname | github.com |
| None | 2702febe50e53f9152dda552dc2049a5eb182778b2655abd5b8619e82e899b4a |
| turbo-cache-control | no-preview |
| go-import | github.com/DefenderForCodeOrg/msft git https://github.com/DefenderForCodeOrg/msft.git |
| octolytics-dimension-user_id | 83890223 |
| octolytics-dimension-user_login | DefenderForCodeOrg |
| octolytics-dimension-repository_id | 504225335 |
| octolytics-dimension-repository_nwo | DefenderForCodeOrg/msft |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 504225335 |
| octolytics-dimension-repository_network_root_nwo | DefenderForCodeOrg/msft |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | c0211a077f9b056c5e115f996d9049616d85c3b5 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width