MAL-2026-3395

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/coral-dev-proxy/MAL-2026-3395.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3395
Published
2026-05-08T14:36:47Z
Modified
2026-05-12T07:56:26.325358Z
Summary
Malicious code in coral-dev-proxy (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (938459f8d0b02585c73f8dedee34a7e499784f290f4c9cabf61706eeda5bbfe1)

The package coral-dev-proxy was found to contain malicious code.

Source: ossf-package-analysis (43201e77d986713200b2c3f3de10a94b94d87a3d86183e8c6a203533fc32346f)

The OpenSSF Package Analysis project identified 'coral-dev-proxy' @ 99.9.2 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "43201e77d986713200b2c3f3de10a94b94d87a3d86183e8c6a203533fc32346f",
            "versions": [
                "99.9.2"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2026-05-08T14:36:47Z",
            "import_time": "2026-05-08T14:40:48.450380192Z"
        },
        {
            "sha256": "72404a2fb27337386b313984f096fd93c14ba8fad384d1881772c6b3b725c5c4",
            "versions": [
                "99.9.3"
            ],
            "source": "ossf-package-analysis",
            "modified_time": "2026-05-08T14:41:51Z",
            "import_time": "2026-05-08T15:37:22.084180016Z"
        },
        {
            "sha256": "938459f8d0b02585c73f8dedee34a7e499784f290f4c9cabf61706eeda5bbfe1",
            "versions": [
                "99.9.2",
                "99.9.3"
            ],
            "source": "amazon-inspector",
            "modified_time": "2026-05-12T06:53:21Z",
            "import_time": "2026-05-12T07:28:54.82153376Z"
        }
    ]
}
References
Credits

Affected packages

npm / coral-dev-proxy

Package

Affected ranges

Affected versions

99.*
99.9.2
99.9.3

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/coral-dev-proxy/MAL-2026-3395.json"