MAL-2026-4564
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39)
dist/common/instrument.js calls Sentry.init() at module top level with a hardcoded DSN pointing at the author's Sentry project (o4511257159139328.ingest.us.sentry.io/4511257262161920), with tracesSampleRate and profilesSampleRate both set to 1.0. Because dist/index.js re-exports this module via __exportStar, any consumer that does require('finup-mongo-library') (or imports it in a NestJS app, the package's stated purpose) globally configures the Sentry SDK singleton in their Node.js process. From that point onward, all uncaught exceptions, performance traces, and profiles produced by the consumer's application — which routinely include stack frames, source file paths, request URLs, query parameters, and incidental PII captured in error context — are shipped to a Sentry account the author controls, with no caller opt-in and no documented disclosure. This is a silent-relay shape: the destination is hardcoded by the author, the trigger is module import, and the data flowing out is the consumer's application telemetry, not the package's own. A separately-shipped HttpExceptionFilter additionally POSTs request bodies to a Telegram bot URL, but that destination is read from consumer env vars, so it is opt-in and not part of the relay finding.
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "dist/common/instrument.js",
"sha256": "a54e764ec038c972d9bcde6d5eaebbcc0918ca3d00ed2d5877f07d1bbdb7c23e",
"tlsh": "7231858679f9f95190b224bc6bbf8006fab40533006cf010b76cc7f42f6245562ecd9a"
}
],
"package_integrity": [
{
"filename": "finup-mongo-library-4.0.1.tgz",
"hashes": {
"sha1": "962d06cc4bfc281d78e3cb554ca7a496dbed469d",
"sha512_sri": "sha512-C3HOJJaf+idH4zFee2TM0QI1QfFGf7Q1E8VaVd1p+mEzTJZRkfnWG8h8BzvwUT0FknCLmIbhBkIpBppF1r61Zw=="
}
}
]
}
},
"package": {
"ecosystem": "npm",
"name": "finup-mongo-library"
},
"versions": [
"4.0.1",
"3.9.9"
]
}
],
"credits": [
{
"contact": [
"actran@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-004181",
"import_time": "2026-05-26T05:52:05.708260392Z",
"modified_time": "2026-05-22T09:55:22Z",
"sha256": "0ebcd2feb8924949312b4c4060c51256c9a62edc9793243b8f00f5dbf6bcc747",
"source": "amazon-inspector",
"versions": [
"4.0.1"
]
},
{
"id": "IN-MAL-2026-003805",
"import_time": "2026-05-26T05:51:20.950446377Z",
"modified_time": "2026-05-21T12:28:01Z",
"sha256": "1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39",
"source": "amazon-inspector",
"versions": [
"3.9.9"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39)\ndist/common/instrument.js calls Sentry.init() at module top level with a hardcoded DSN pointing at the author\u0027s Sentry project (o4511257159139328.ingest.us.sentry.io/4511257262161920), with tracesSampleRate and profilesSampleRate both set to 1.0. Because dist/index.js re-exports this module via __exportStar, any consumer that does `require(\u0027finup-mongo-library\u0027)` (or imports it in a NestJS app, the package\u0027s stated purpose) globally configures the Sentry SDK singleton in their Node.js process. From that point onward, all uncaught exceptions, performance traces, and profiles produced by the consumer\u0027s application \u2014 which routinely include stack frames, source file paths, request URLs, query parameters, and incidental PII captured in error context \u2014 are shipped to a Sentry account the author controls, with no caller opt-in and no documented disclosure. This is a silent-relay shape: the destination is hardcoded by the author, the trigger is module import, and the data flowing out is the consumer\u0027s application telemetry, not the package\u0027s own. A separately-shipped HttpExceptionFilter additionally POSTs request bodies to a Telegram bot URL, but that destination is read from consumer env vars, so it is opt-in and not part of the relay finding.\n",
"id": "MAL-2026-4564",
"modified": "2026-05-26T05:55:02Z",
"published": "2026-05-21T12:28:01Z",
"references": [
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/finup-mongo-library/v/4.0.1"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/finup-mongo-library/v/3.9.9"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in finup-mongo-library (npm)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.