Assign IDs

github-actions · github-actions · commit 13b617554c3d · 2025-12-08T16:10:38.000Z
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator
@@ -1 +1 @@
-90b1ed6268f94a2debd8e6d464e82eb51a789008d68c2e480de65f0bbd3428ed
+313960b575ff12cf4885146a36da94a960591d3555944381f19cf281dd141ba5
diff --git a/osv/malicious/npm/gs-uitk-lodash/MAL-0000-ossf-package-analysis-feecd7d802ec1993.json b/osv/malicious/npm/gs-uitk-lodash/MAL-0000-ossf-package-analysis-feecd7d802ec1993.json
diff --git a/osv/malicious/npm/gs-uitk-lodash/MAL-2025-192377.json b/osv/malicious/npm/gs-uitk-lodash/MAL-2025-192377.json
@@ -1,18 +1,19 @@
 {
-  "modified": "2025-12-08T15:40:53Z",
+  "modified": "2025-12-08T16:10:15Z",
   "published": "2025-12-08T15:40:53Z",
   "schema_version": "1.7.4",
-  "id": "",
+  "id": "MAL-2025-192377",
   "summary": "Malicious code in gs-uitk-lodash (npm)",
-  "details": "The OpenSSF Package Analysis project identified 'gs-uitk-lodash' @ 35.3.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (c89a6d85d1019b9d98f88e94d18fd4ec4ae045bd6f941941e9bdde517a749fdd)\nThe OpenSSF Package Analysis project identified 'gs-uitk-lodash' @ 35.3.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
   "affected": [
     {
       "package": {
         "ecosystem": "npm",
         "name": "gs-uitk-lodash"
       },
       "versions": [
-        "35.3.3"
+        "35.3.3",
+        "35.9.9"
       ]
     }
   ],
@@ -29,13 +30,22 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
-        "source": "ossf-package-analysis",
-        "sha256": "c89a6d85d1019b9d98f88e94d18fd4ec4ae045bd6f941941e9bdde517a749fdd",
         "import_time": "2025-12-08T16:08:29.958933342Z",
         "modified_time": "2025-12-08T15:40:53Z",
+        "sha256": "c89a6d85d1019b9d98f88e94d18fd4ec4ae045bd6f941941e9bdde517a749fdd",
+        "source": "ossf-package-analysis",
         "versions": [
           "35.3.3"
         ]
+      },
+      {
+        "import_time": "2025-12-08T16:08:30.077469565Z",
+        "modified_time": "2025-12-08T16:06:53Z",
+        "sha256": "feecd7d802ec19931f6a91819521c5409d84adc3ee12e026f16c3f2df1384d9c",
+        "source": "ossf-package-analysis",
+        "versions": [
+          "35.9.9"
+        ]
       }
     ]
   }

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-90b1ed6268f94a2debd8e6d464e82eb51a789008d68c2e480de65f0bbd3428ed`
	`1`	`+313960b575ff12cf4885146a36da94a960591d3555944381f19cf281dd141ba5`
Original file line number	Diff line number	Diff line change
`@@ -1,18 +1,19 @@`
`1`	`1`	`{`
`2`		`- "modified": "2025-12-08T15:40:53Z",`
	`2`	`+ "modified": "2025-12-08T16:10:15Z",`
`3`	`3`	`"published": "2025-12-08T15:40:53Z",`
`4`	`4`	`"schema_version": "1.7.4",`
`5`		`- "id": "",`
	`5`	`+ "id": "MAL-2025-192377",`
`6`	`6`	`"summary": "Malicious code in gs-uitk-lodash (npm)",`
`7`		`- "details": "The OpenSSF Package Analysis project identified 'gs-uitk-lodash' @ 35.3.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",`
	`7`	`+ "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (c89a6d85d1019b9d98f88e94d18fd4ec4ae045bd6f941941e9bdde517a749fdd)\nThe OpenSSF Package Analysis project identified 'gs-uitk-lodash' @ 35.3.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",`
`8`	`8`	`"affected": [`
`9`	`9`	`{`
`10`	`10`	`"package": {`
`11`	`11`	`"ecosystem": "npm",`
`12`	`12`	`"name": "gs-uitk-lodash"`
`13`	`13`	`},`
`14`	`14`	`"versions": [`
`15`		`- "35.3.3"`
	`15`	`+ "35.3.3",`
	`16`	`+ "35.9.9"`
`16`	`17`	`]`
`17`	`18`	`}`
`18`	`19`	`],`
`@@ -29,13 +30,22 @@`
`29`	`30`	`"database_specific": {`
`30`	`31`	`"malicious-packages-origins": [`
`31`	`32`	`{`
`32`		`- "source": "ossf-package-analysis",`
`33`		`- "sha256": "c89a6d85d1019b9d98f88e94d18fd4ec4ae045bd6f941941e9bdde517a749fdd",`
`34`	`33`	`"import_time": "2025-12-08T16:08:29.958933342Z",`
`35`	`34`	`"modified_time": "2025-12-08T15:40:53Z",`
	`35`	`+ "sha256": "c89a6d85d1019b9d98f88e94d18fd4ec4ae045bd6f941941e9bdde517a749fdd",`
	`36`	`+ "source": "ossf-package-analysis",`
`36`	`37`	`"versions": [`
`37`	`38`	`"35.3.3"`
`38`	`39`	`]`
	`40`	`+ },`
	`41`	`+ {`
	`42`	`+ "import_time": "2025-12-08T16:08:30.077469565Z",`
	`43`	`+ "modified_time": "2025-12-08T16:06:53Z",`
	`44`	`+ "sha256": "feecd7d802ec19931f6a91819521c5409d84adc3ee12e026f16c3f2df1384d9c",`
	`45`	`+ "source": "ossf-package-analysis",`
	`46`	`+ "versions": [`
	`47`	`+ "35.9.9"`
	`48`	`+ ]`
`39`	`49`	`}`
`40`	`50`	`]`
`41`	`51`	`}`