{"schema_version":"1.7.3","id":"MAL-2025-192424","published":"2025-12-09T09:25:51Z","modified":"2025-12-10T21:28:45.867678Z","summary":"Malicious code in baidu-oscp (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (1707ecb3311268a4753a44190db82280e80d16015e5474475863a3e1487aa5c0)\nThe package baidu-oscp was found to contain malicious code.\n\n## Source: ossf-package-analysis (2758b8fdfed8e0df61c234bf9c6956c5f9970adf98784ba56d0b222b1f8da1a8)\nThe OpenSSF Package Analysis project identified 'baidu-oscp' @ 19.9.31 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","affected":[{"package":{"name":"baidu-oscp","ecosystem":"npm","purl":"pkg:npm/baidu-oscp"},"versions":["19.9.31","19.9.30"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/baidu-oscp/MAL-2025-192424.json"}}],"database_specific":{"malicious-packages-origins":[{"import_time":"2025-12-10T06:10:37.582807781Z","modified_time":"2025-12-09T09:30:36Z","sha256":"2758b8fdfed8e0df61c234bf9c6956c5f9970adf98784ba56d0b222b1f8da1a8","source":"ossf-package-analysis","versions":["19.9.31"]},{"import_time":"2025-12-10T06:10:37.501569117Z","modified_time":"2025-12-09T09:25:51Z","sha256":"88d23e2210f2ea140f4a76edea228612231da650f80248eb3ea54f715c947f19","source":"ossf-package-analysis","versions":["19.9.30"]},{"import_time":"2025-12-10T21:07:51.31142818Z","modified_time":"2025-12-10T21:03:50Z","sha256":"1707ecb3311268a4753a44190db82280e80d16015e5474475863a3e1487aa5c0","source":"amazon-inspector","versions":["19.9.31","19.9.30"]}]},"credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}