MAL-2026-1639

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@uc-platform/advertisement-service-client/MAL-2026-1639.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-1639
Published
2026-03-18T12:34:56Z
Modified
2026-03-23T05:39:58.176360Z
Summary
Malicious code in @uc-platform/advertisement-service-client (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (b168c7f137b260fe9d6fa7c0962aa3ab273f66f1f5bfabe7f0daadeb79ef7323)

The package @uc-platform/advertisement-service-client was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "id": "RLMA-2026-01070",
            "import_time": "2026-03-19T12:18:29.705385409Z",
            "sha256": "cc56737f905dd732606f8eac6962db25c87eab2b507efffe60b3ed03a7874d58",
            "modified_time": "2026-03-18T12:34:56Z",
            "source": "reversing-labs",
            "versions": [
                "99.99.9"
            ]
        },
        {
            "sha256": "b168c7f137b260fe9d6fa7c0962aa3ab273f66f1f5bfabe7f0daadeb79ef7323",
            "import_time": "2026-03-23T05:14:20.070574919Z",
            "source": "amazon-inspector",
            "modified_time": "2026-03-23T05:11:41Z",
            "versions": [
                "99.99.9"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / @uc-platform/advertisement-service-client

Package

Name
@uc-platform/advertisement-service-client
View open source insights on deps.dev
Purl
pkg:npm/%40uc-platform/advertisement-service-client

Affected ranges

Affected versions

99.*
99.99.9

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@uc-platform/advertisement-service-client/MAL-2026-1639.json"