MAL-2026-3747

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@aiscene/aiserver/MAL-2026-3747.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3747
Published
2026-05-14T18:32:53Z
Modified
2026-06-16T02:31:45.594549570Z
Summary
Malicious code in @aiscene/aiserver (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (5afe7de709fb18909451ff49a02f133f248fb0dc0688709251c924038effc6dc)

On load, dist/index.js unconditionally instantiates new AIServer() and calls server.start() at module top level (no require.main === module guard), so simply running node dist/index.js, invoking the package's bin, or require('@aiscene/aiserver') from another module immediately launches a network-talking server in the consumer's process. That server registers with the hardcoded URL http://nethp-test.jd.com/rest/execution-nodes/register (plain HTTP, not configurable in code) and continuously long-polls http://nethp-test.jd.com/rest/execution-queue/tasks/next. Tasks returned by that endpoint carry a naturalLanguage/code field which dist/executor/code-executor.js compiles and runs via new (async function(){}).constructor(instrumentedCode) inside a forked worker — i.e. arbitrary JavaScript supplied by the remote control plane is executed in the installer's process. dist/node/service.js additionally POSTs the installer's os.hostname(), local non-internal IPv4 addresses from os.networkInterfaces(), and connected device info to the same host every ~30 seconds with no opt-in or override. Because the control-plane URL is hardcoded and served over plaintext HTTP, any non-JD installer (and any on-path attacker on the network between the installer and that host) gains unauthenticated remote code execution on the installer's machine. dist/config/index.js and dist/.env also ship a hardcoded modelservice.jdcloud.com API key (pk-485b2b56-...) used as the default for three model slots; this is author self-harm against the author's own JD Cloud quota and is not the basis for the block.
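A defender-side static check for the behaviours described above, added here as an example; it is not part of the OSV record or of the package's own code. The file contents in SAMPLE are constructed to mirror the described patterns, and the heuristic names and the line-based "unguarded start" rule are assumptions of this example, not of the report.

```javascript
// Added example (not from the OSV record): heuristic scan of an extracted npm
// package for the patterns the advisory describes. Inputs are { path: source }.
// Each heuristic maps a regex to the risk it indicates (names are our own).
const HEURISTICS = [
  { id: 'plaintext-control-plane', re: /http:\/\/nethp-test\.jd\.com\//,
    why: 'hardcoded plain-HTTP control-plane URL (indicator domain from the record)' },
  { id: 'dynamic-code-exec',
    re: /\(\s*async\s+function\s*\(\s*\)\s*\{\s*\}\s*\)\s*\.constructor\s*\(/,
    why: 'AsyncFunction constructor compiles remotely supplied code' },
  { id: 'host-fingerprint', re: /os\.(hostname|networkInterfaces)\s*\(/,
    why: 'hostname / interface enumeration that may be beaconed out' },
];

// Server constructed and started at module top level with no
// `require.main === module` guard: require() alone would start it.
// Simple line-based heuristic, not a real parser (assumption of this example).
function hasUnguardedTopLevelStart(text) {
  const guarded = /require\.main\s*===\s*module/.test(text);
  const constructsServer = /^\s*(const|let|var)?\s*\w*\s*=?\s*new\s+\w*Server\s*\(/m.test(text);
  const callsStart = /\.start\s*\(/.test(text);
  return constructsServer && callsStart && !guarded;
}

function scanFile(path, text) {
  const findings = [];
  for (const h of HEURISTICS) {
    if (h.re.test(text)) findings.push({ path, id: h.id, why: h.why });
  }
  if (hasUnguardedTopLevelStart(text)) {
    findings.push({ path, id: 'unguarded-top-level-start', why: 'module starts a server on require()' });
  }
  return findings;
}

function scanPackage(files) {
  return Object.entries(files).flatMap(([p, t]) => scanFile(p, t));
}

// Constructed sample files mirroring the advisory's description (not real package source).
const SAMPLE = {
  'dist/index.js': "const { AIServer } = require('./server');\nconst server = new AIServer();\nserver.start();\n",
  'dist/task/poller.js': "const NEXT = 'http://nethp-test.jd.com/rest/execution-queue/tasks/next';\n",
  'dist/executor/code-executor.js': "const fn = new (async function(){}).constructor(instrumentedCode);\n",
  'dist/node/service.js': "const os = require('os');\nconst body = { host: os.hostname(), ifaces: os.networkInterfaces() };\n",
  'dist/util.js': "module.exports = (a, b) => a + b;\n",
};

console.log(JSON.stringify(scanPackage(SAMPLE), null, 2));
```

Run against a real extracted tarball by reading each .js file under dist/ into the same { path: source } shape; any single hit is a reason to quarantine the package before install scripts or a require() can run it.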

Database specific
{
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-002632",
            "import_time": "2026-05-15T07:37:15.112435495Z",
            "versions": [
                "1.4.1"
            ],
            "source": "amazon-inspector",
            "sha256": "542fdb1c23b52adda0ed5164b65c9768aef7a5edd45473f9cd3ceab3065b1bb3",
            "modified_time": "2026-05-14T19:24:35Z"
        },
        {
            "id": "IN-MAL-2026-002625",
            "import_time": "2026-05-15T07:37:14.970899998Z",
            "source": "amazon-inspector",
            "versions": [
                "1.4.1"
            ],
            "sha256": "b8772926757dd2f3d75d503257ff9c1822e742eb6cf07d854bdeaff318df51e1",
            "modified_time": "2026-05-14T18:32:53Z"
        },
        {
            "id": "IN-MAL-2026-003798",
            "import_time": "2026-05-26T05:51:20.083590314Z",
            "versions": [
                "1.5.8"
            ],
            "source": "amazon-inspector",
            "modified_time": "2026-05-21T10:03:03Z",
            "sha256": "aa631dd2665aebfcea3b06f58fa2d5db32cecb1faad6efd93331e0df131a7314"
        },
        {
            "id": "IN-MAL-2026-005802",
            "import_time": "2026-06-12T19:43:35.003724588Z",
            "versions": [
                "1.7.0"
            ],
            "source": "amazon-inspector",
            "sha256": "4944087c405a4af48bf2a68e313e739b737d5b614df65dc8df58704743cd1681",
            "modified_time": "2026-06-12T19:02:13Z"
        },
        {
            "id": "IN-MAL-2026-006682",
            "import_time": "2026-06-15T20:14:27.34661461Z",
            "versions": [
                "1.7.4"
            ],
            "source": "amazon-inspector",
            "sha256": "5afe7de709fb18909451ff49a02f133f248fb0dc0688709251c924038effc6dc",
            "modified_time": "2026-06-15T19:45:04Z"
        },
        {
            "id": "IN-MAL-2026-006742",
            "import_time": "2026-06-16T02:23:12.222475164Z",
            "source": "amazon-inspector",
            "versions": [
                "1.7.5"
            ],
            "sha256": "32fbb466e5e016da6349257f11d47dfa96598d3ddb17c87f27082070e6893b95",
            "modified_time": "2026-06-16T02:18:35Z"
        }
    ]
}
References
Credits

Affected packages

npm / @aiscene/aiserver

Package

Name
@aiscene/aiserver
Purl
pkg:npm/%40aiscene%2Faiserver

Affected ranges

Affected versions

1.*
1.4.1
1.5.8
1.7.0
1.7.4
1.7.5

Database specific

cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@aiscene/aiserver/MAL-2026-3747.json"
indicators
{
    "package_integrity": [
        {
            "filename": "aiserver-1.4.1.tgz",
            "hashes": {
                "sha1": "c87a013772a14d93294a093836d1365f483a5f7a",
                "sha512_sri": "sha512-n/nMX6rwghwFKzUOEI4n7oCGmHECwxT+CpIOMdyEdk95PiE8cEvgfkMtXe/BjJfuxvD3lU0859TnuDTVDSAzdQ=="
            }
        }
    ],
    "evidence_files": [
        {
            "path": "dist/task/poller.js",
            "sha256": "549338b82d3738c5f2d7895adc9c9fbe95b246742b71b5c25ae5a1e122f76d5a",
            "tlsh": "0ad1549b27eb0433dba364e8cf9302013d3199473f4ad8587b5c5370af4516892e9faa"
        },
        {
            "path": "dist/node/service.js",
            "sha256": "14cbd94159bca39029d4ab2fa6242a0a3a57d45cb8b8ad25ee8c3cdd66e46f12",
            "tlsh": "9ce10e4f1fff542b4ab224ad6e0b12117a279103220ac974bbdd63815f8296ce675bf4"
        },
        {
            "path": "dist/config/index.js",
            "sha256": "7c3ed2e832e11ff32796e51edc0a52b31622cdf874ab0ae5fc1b397eaeff5289",
            "tlsh": "0c8135ae496e5453245ac85897ff0003ef71abc73d46b8a0b68c2b0c2f5e90ce17579e"
        }
    ],
    "domains": [
        "nethp-test.jd.com"
    ]
}