MAL-2026-2347

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ctf-package-onetimeuseforctf/MAL-2026-2347.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-2347
Published
2026-03-24T15:41:46Z
Modified
2026-04-07T14:49:32.573960Z
Summary
Malicious code in ctf-package-onetimeuseforctf (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (2d37390fd81ab77282de711d615673122fd18763d31c720135595e40dd32a71b)

The package ctf-package-onetimeuseforctf was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "id": "RLMA-2026-01734",
            "versions": [
                "99.99.99",
                "99.99.999",
                "99.991.999",
                "99.992.999",
                "99.993.999"
            ],
            "import_time": "2026-04-01T12:26:07.491329181Z",
            "modified_time": "2026-03-24T15:41:46Z",
            "sha256": "6abd42d1b405c50944cf25ac6f1eb55ae0ddfb81dc184b9672111da2ab405527"
        },
        {
            "source": "amazon-inspector",
            "versions": [
                "99.99.99",
                "99.99.999",
                "99.991.999",
                "99.992.999",
                "99.993.999"
            ],
            "import_time": "2026-04-07T14:39:18.179129331Z",
            "modified_time": "2026-04-07T14:24:50Z",
            "sha256": "2d37390fd81ab77282de711d615673122fd18763d31c720135595e40dd32a71b"
        }
    ]
}
References
Credits

Affected packages

npm / ctf-package-onetimeuseforctf

Package

Name
ctf-package-onetimeuseforctf
View open source insights on deps.dev
Purl
pkg:npm/ctf-package-onetimeuseforctf

Affected ranges

Affected versions

99.*
99.99.99
99.99.999
99.991.999
99.992.999
99.993.999

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ctf-package-onetimeuseforctf/MAL-2026-2347.json"