{"schema_version":"1.7.5","id":"MAL-2025-192330","published":"2025-12-05T21:10:10Z","modified":"2026-03-19T12:43:36.852374Z","summary":"Malicious code in elf-stats-cranberry-pinecone-878 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (41f51e6ef204472a6da74c31484ee0ae382cf13423ed26fdf88dbde3f9be7c7f)\nThe package elf-stats-cranberry-pinecone-878 was found to contain malicious code.\n","affected":[{"package":{"name":"elf-stats-cranberry-pinecone-878","ecosystem":"npm","purl":"pkg:npm/elf-stats-cranberry-pinecone-878"},"versions":["2.0.0","1.0.50","1.0.1","1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-cranberry-pinecone-878/MAL-2025-192330.json"}}],"database_specific":{"malicious-packages-origins":[{"import_time":"2025-12-05T21:36:15.515076915Z","modified_time":"2025-12-05T21:10:10Z","sha256":"41f51e6ef204472a6da74c31484ee0ae382cf13423ed26fdf88dbde3f9be7c7f","source":"amazon-inspector","versions":["2.0.0","1.0.50"]},{"id":"RLMA-2025-06164","import_time":"2025-12-23T19:07:10.014504959Z","modified_time":"2025-12-23T08:07:14Z","sha256":"4588af8b01a7f8ae0728fe99ff8801f03150e06f189833006c9037f08cfff06e","source":"reversing-labs","versions":["1.0.1","1.0.50","2.0.0"]},{"id":"RLUA-2026-01276","import_time":"2026-03-19T12:20:53.411658685Z","modified_time":"2026-03-18T12:48:36Z","sha256":"4ce27dd17d25accf35c6f15e973fbe4bd66df71046c10bdbc9558b0f1f671f5a","source":"reversing-labs","versions":["1.0.0"]}]},"credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}