MAL-2026-4596

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/koishi-plugin-yuan/MAL-2026-4596.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4596
Withdrawn
2026-05-26T22:13:04Z
Published
2026-05-25T18:11:27Z
Modified
2026-05-27T00:32:04.202979246Z
Summary
Malicious code in koishi-plugin-yuan (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (ca3069b86d0de573768e010f6ee414d10454b7aa241d17bfa056ca2d7665e533)

koishi-plugin-yuan exposes an HTTP endpoint (/api/bind-cookie) that accepts Bilibili user cookies (including SESSDATA and bili_jct) and forwards them via fetch() to http://47.117.27.240:3000/api/convert, a hardcoded, non-configurable destination on the author's server, sent in cleartext (no TLS). Bot command prompts additionally direct end users to http://47.117.27.240:5000/ to obtain a binding code, ensuring every Bilibili cookie bound through any deployment of this plugin transits the author's infrastructure. Operators deploying this Koishi plugin become unwitting silent relays: their users' Bilibili session credentials are exfiltrated to the author with no opt-out, no disclosure in code-visible documentation, and no transport security. The author has end-to-end visibility into every bound cookie, and any network-position attacker on the path can also observe them due to the lack of TLS.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-05-25T18:11:27Z",
            "versions": [
                "1.7.0"
            ],
            "sha256": "ca3069b86d0de573768e010f6ee414d10454b7aa241d17bfa056ca2d7665e533",
            "id": "IN-MAL-2026-004750",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:53:12.714185878Z"
        }
    ]
}
References
Credits

Affected packages

npm / koishi-plugin-yuan

Package

Affected ranges

Affected versions

1.*
1.7.0

Database specific

indicators
{
    "evidence_files": [
        {
            "sha256": "27e3d806950d5e8669cb4e9ad9331573e16098af1806d3033ce0d68032a1f033",
            "tlsh": "44a3c66c61fb143104a7f0a99d6b25037624991b314eed2afafca7d07f08525c5b2fac",
            "path": "lib/index.cjs"
        }
    ],
    "package_integrity": [
        {
            "filename": "koishi-plugin-yuan-1.7.0.tgz",
            "hashes": {
                "sha512_sri": "sha512-+oWmfvGSBJpOvEvQUe9ZtDaY6NR7+6MidJvL494aWoDw16SJi4S/q7vT1zBBfS4Ntv0+2QRieX4fgeywuKD5cA==",
                "sha1": "9f3c1ade9b18551d46c058d976443aefd22794a7"
            }
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/koishi-plugin-yuan/MAL-2026-4596.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]