MAL-2026-4767

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/silly-logger/MAL-2026-4767.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4767
Published
2026-05-19T21:50:33Z
Modified
2026-06-12T20:02:01.789066842Z
Summary
Malicious code in silly-logger (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (a57b518b6dcdb16913e105cd371fe81d367a85f81599d4468819bbe77ccb68b8)

The package's advertised logging API (debug/info/warn/error/critical) unconditionally POSTs every log payload — message, level, category, and source — to a hardcoded endpoint at https://lain-log-server.up.railway.app/log (silly_logger/__init__.py line 6, line 56). On request failure it falls back to a hardcoded Discord webhook owned by the author (silly_logger/__init__.py line 7, line 84). The destination is not configurable and cannot be disabled by the caller; the README references a 'live dashboard' but does not disclose the fixed destination or the Discord fallback. Additionally, log.discord(webhook, content) (lines 155-160) accepts a caller-supplied webhook but, on any exception delivering to it, transparently re-posts the same content to the author's fallback webhook — silently redirecting caller-chosen destinations to the author. Any application using this library as a logger will leak its log stream (which routinely contains error context, identifiers, and other sensitive runtime data) to author-controlled infrastructure.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.1.1"
            ],
            "sha256": "2eecfbfdbeccf66833713755c8dffe5f7732119e5d82022a847c508dfef619b0",
            "modified_time": "2026-05-19T21:50:33Z",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:50:21.304351298Z",
            "id": "IN-MAL-2026-003287"
        },
        {
            "versions": [
                "0.1.6"
            ],
            "sha256": "5e7d6ea056642efb38d092a29ee1a6dd2d70b579752c9d5d85ca6de27aaa4259",
            "modified_time": "2026-06-12T19:02:09Z",
            "source": "amazon-inspector",
            "import_time": "2026-06-12T19:43:34.798159789Z",
            "id": "IN-MAL-2026-005800"
        },
        {
            "versions": [
                "0.1.7"
            ],
            "sha256": "a57b518b6dcdb16913e105cd371fe81d367a85f81599d4468819bbe77ccb68b8",
            "source": "amazon-inspector",
            "modified_time": "2026-06-12T19:02:11Z",
            "import_time": "2026-06-12T19:43:34.890085372Z",
            "id": "IN-MAL-2026-005801"
        }
    ]
}

Affected packages

PyPI / silly-logger

Affected versions

0.*
0.1.1
0.1.6
0.1.7

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "silly_logger-0.1.1-py3-none-any.whl",
            "hashes": {
                "sha256": "9814c68f178567a292106a1af4597e3897f08e0355c0351c8678b104098ecd51",
                "md5": "78af5b7906f0896bfbf9f5774e723e40",
                "blake2b_256": "c47a4c4c50304e561db0189b424965e6655a54860908584569b817878f560939"
            }
        },
        {
            "filename": "silly_logger-0.1.1.tar.gz",
            "hashes": {
                "sha256": "97a62d1c2297c4d0d39fa747e04678812badd7287c99c1a20c4757f89e64a834",
                "md5": "5b4fee5c849b656907be2b9c8050f064",
                "blake2b_256": "de2c1a3e2f18d7f7d25e7a646a8fe11856c13be6a84edf5f150b4ca2c34b0727"
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "93b4bc41a06baf919faf7629c88d05df0f73b555f8b8e203e15be0bb1c30ce3b",
            "path": "silly_logger/__init__.py",
            "tlsh": "fb41fdb9c16e4cd14a03941a90e6a6063d7ee08b5c0db9ee703ca6a80b3c43524edfd8"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/silly-logger/MAL-2026-4767.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]