VYPR

gem · Malicious package advisory

Malware

puppet-module-posix-system-r3.2

MAL-2023-1436

Malicious code in puppet-module-posix-system-r3.2 (RubyGems)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: ossf-package-analysis (835ce606cd37fa823a80a445ab30dce0ec0005af3a78f9ed7a8d35d63db99474)
The OpenSSF Package Analysis project identified 'puppet-module-posix-system-r3.2' @ 1.0.0 (rubygems) as malicious.

It is considered malicious because:
- The package communicates with a domain associated with malicious activity.

Compromised versions (1)

  • 1.0.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.