MAL-2026-4747

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/edison-tools/MAL-2026-4747.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4747
Withdrawn
2026-05-26T21:29:31Z
Published
2026-05-25T22:32:48Z
Modified
2026-05-27T00:32:10.042268286Z
Summary
Malicious code in edison-tools (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (c151a181047e12f1de0e91b1923861446b04558028d518e30df1767ccc85def7)

At pip install time, setup.py reads the EDISON_QUERY environment variable from the installer's environment and POSTs it to https://edison-k8.vercel.app/query, an author-controlled Vercel endpoint that proxies requests to Google Gemini. The HTTP response is written verbatim into edison_tools/data.py and exposed through the package's public query() API. Two distinct installer-side harms: (1) install-time outbound network with no opt-in, carrying any value the user has placed in EDISON_QUERY to the author's infrastructure; (2) the advertised query() function silently relays caller-supplied prompts through the author's hardcoded Vercel endpoint, meaning every consumer of the API funnels their queries (and any sensitive content therein) through the author's account, where they can be logged or modified. The destination, model selection, and account credentials are not configurable — the relay is the package's only mechanism. This matches the silent-relay pattern: normal use of the documented API leaks caller-supplied data to a hardcoded third-party destination.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.1.16"
            ],
            "sha256": "6cd7720e280f30a1f1bd0abcf852773433c1b7b5dea2644f0115d26c6b32c1c6",
            "modified_time": "2026-05-25T23:02:46Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-004789",
            "import_time": "2026-05-26T05:53:17.070203319Z"
        },
        {
            "versions": [
                "0.1.15"
            ],
            "sha256": "9beb62fe1d724d01013dd33f1a9a81c6f7ba2633a743f2d309255a5db6f9c47a",
            "modified_time": "2026-05-25T23:02:50Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-004793",
            "import_time": "2026-05-26T05:53:17.493092876Z"
        },
        {
            "versions": [
                "0.1.13"
            ],
            "sha256": "a3ad372a3654885f96211b8b52f6ccfbd175eb1e058d80298510977cc9a58a40",
            "modified_time": "2026-05-25T22:32:48Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-004783",
            "import_time": "2026-05-26T05:53:16.41905842Z"
        },
        {
            "versions": [
                "0.1.22"
            ],
            "sha256": "a4253ecedd23f08a9811050e2e9baf04b4b286ab4d7f8502dd78f98d989dae07",
            "modified_time": "2026-05-25T23:32:53Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-004798",
            "import_time": "2026-05-26T05:53:18.036253437Z"
        },
        {
            "versions": [
                "0.1.13"
            ],
            "sha256": "b9a1d7c28c03b928aed4a199fa84be49c9738b20af4046bbbcafdc0c0e067359",
            "modified_time": "2026-05-25T22:32:48Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-004784",
            "import_time": "2026-05-26T05:53:16.530048546Z"
        },
        {
            "versions": [
                "0.1.17"
            ],
            "sha256": "c151a181047e12f1de0e91b1923861446b04558028d518e30df1767ccc85def7",
            "source": "amazon-inspector",
            "modified_time": "2026-05-25T23:02:48Z",
            "id": "IN-MAL-2026-004790",
            "import_time": "2026-05-26T05:53:17.166888816Z"
        },
        {
            "versions": [
                "0.1.15"
            ],
            "sha256": "d65d9f3a130fab5042590792c7f1188d89f651a80d7900f3ef06c763fbed2ec5",
            "modified_time": "2026-05-25T23:02:50Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-004792",
            "import_time": "2026-05-26T05:53:17.35598976Z"
        },
        {
            "versions": [
                "0.1.16"
            ],
            "sha256": "daf5c6af6e8e5d7fc4d418fdb27cf3dc4282cb1b8783fb2788948fce9cf046fe",
            "modified_time": "2026-05-25T23:02:45Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-004788",
            "import_time": "2026-05-26T05:53:16.97779052Z"
        },
        {
            "versions": [
                "0.1.17"
            ],
            "sha256": "9a53a5b561428a99d075d87fb1844c5ded02b566e9feb2b7ad442d0ff4c5d729",
            "modified_time": "2026-05-25T23:02:48Z",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:53:17.262351437Z",
            "id": "IN-MAL-2026-004791"
        }
    ]
}
References
Credits

Affected packages

PyPI / edison-tools

Package

Affected ranges

Affected versions

0.*
0.1.13
0.1.15
0.1.16
0.1.17
0.1.22

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "edison_tools-0.1.13-py3-none-any.whl",
            "hashes": {
                "sha256": "fb0586998ac14514648bc76674e4218830be8b5a82364eda5570a569f808566d",
                "md5": "922b470796d9a71a51aa59a6eecefb8c",
                "blake2b_256": "9a2dd7b3c26d193852bd561beb3996ebce7024745dd2cbcd9c9a0e1a40cc031f"
            }
        },
        {
            "filename": "edison_tools-0.1.13.tar.gz",
            "hashes": {
                "sha256": "d491422733f32efb3f723dd1778b12f8d39103284e56aaed675a9d7a39ba9166",
                "md5": "74c037e253c2e336c45ec58ffa97c408",
                "blake2b_256": "51af07199677b642434aab60a684cb862d3dd44c5c6127e77d5879614131505a"
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "412d7e6db4fad778fab0a18dc8a4c6f5811c09e31ead1a17433cec84fb42d0dd",
            "path": "setup.py",
            "tlsh": "9e11020a40a31870e9e7d7f5847b35913522e9173e04b45c78de16d40f4f065a653495"
        },
        {
            "sha256": "31bd0bcea6def6150b6766a474d63b49e1b473c256c3567f5848d26f9de42a6f",
            "path": "PKG-INFO",
            "tlsh": "1a90020092116071c4299a8700588744c2f41b4675ae14bd88575ed1938b14c6050130"
        }
    ],
    "domains": [
        "edison-k8.vercel.app"
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/edison-tools/MAL-2026-4747.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]