MAL-2026-4755
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1)
Package metadata advertises mathepy as a 'Module for Quick Calculations', but the package's importable `__init__.py` exposes ~13 top-level functions (ask_llm, pink, america, iran, momo, dropnull, code, sf, abc, liti, bcd, lc, init, koko) whose bodies each construct a Groq client with a hardcoded `gsk_*` API key and forward the caller-supplied prompt argument to api.groq.com's chat-completions endpoint. For example, src/mathepy/ai_helper.py:4 instantiates `Groq(api_key="gsk_m7BJ...")` and ask_llm posts the caller's `prompt` to `client.chat.completions.create`; analogous code is present in pink.py, america.py, iran.py, momo.py, dropnull.py, code.py, sf.py, abc.py, liti.py, bcd.py, lc.py, koko.py, and init.py, each with a distinct hardcoded `gsk_*` key. Callers have no way to opt out, the destination is unconfigurable, and the README does not disclose that input is sent to a third-party LLM service. Any developer who imports mathepy and invokes one of these functions silently routes their inputs through the author's Groq account. This is the silent-relay supply-chain shape: a package's advertised API hides a hardcoded outbound destination that exfiltrates caller-supplied data. The hardcoded keys themselves are author-self-harm (anyone can extract and burn the author's Groq quota), but the relay channel they enable is the installer-facing harm.
- CWE-506 - The product contains code that appears to be malicious in nature.
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "src/mathepy/ai_helper.py",
"sha256": "03b960bee8e48c2b91670ea317a7ebfcdecda5db5acbe5a9d80f4dcb99351bd1",
"tlsh": "3df09525cc64484e07a241aaa6119851707ff41372f070b9f22c54b85fd2e6751e57d7"
},
{
"path": "src/mathepy/init.py",
"sha256": "5c5e95a41edef2e0096ee9ba2a3c73069d5062519e6a3f7716a4fa71e98c5928",
"tlsh": "21316663de49471903d2907e99589181f278f40b272475a9f87cc24c4fc217adbf97b9"
}
],
"package_integrity": [
{
"filename": "mathepy-1.2.0-py3-none-any.whl",
"hashes": {
"blake2b_256": "19bfa304e14a712870fcca3964c2125d9456cc3c231861989446ac510ae4a478",
"md5": "eacdcb6bbc1165c0cba3b4efc24df57d",
"sha256": "77c393cd7571d39e42e62f6daf81d9057d44087867027cbd0fa04c9cd65e1e90"
}
},
{
"filename": "mathepy-1.2.0.tar.gz",
"hashes": {
"blake2b_256": "38591988fdf5ded1107122b48d0912f7b0356e06e7a56082ff71f8de04dd23d0",
"md5": "d46e87e78fcc03c8c8488ebad8234b55",
"sha256": "3d13460ce609cca7c8cbbafd7ab98d9d9fed4834e4bda7e99f800704051503e1"
}
}
]
}
},
"package": {
"ecosystem": "PyPI",
"name": "mathepy"
},
"versions": [
"1.2.0",
"3.5.0",
"4.5.0",
"2.5.0",
"6.7.0",
"6.6.0",
"1.0.0",
"8.0.0",
"6.8.0",
"5.5.0",
"2.2.0",
"5.6.0",
"7.8.0",
"7.9.0"
]
}
],
"credits": [
{
"contact": [
"actran@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-004062",
"import_time": "2026-05-26T05:51:51.918427305Z",
"modified_time": "2026-05-21T22:51:51Z",
"sha256": "02b6bdc1d574730d17402a0de0a723bde9a9eae564236b977d64c76669f297d5",
"source": "amazon-inspector",
"versions": [
"1.2.0"
]
},
{
"id": "IN-MAL-2026-004105",
"import_time": "2026-05-26T05:51:56.812553923Z",
"modified_time": "2026-05-22T00:23:13Z",
"sha256": "f6c753ce19473103600325f51274a7190eee54e48be1e19c828f2af105eca173",
"source": "amazon-inspector",
"versions": [
"3.5.0"
]
},
{
"id": "IN-MAL-2026-004102",
"import_time": "2026-05-26T05:51:56.512078347Z",
"modified_time": "2026-05-22T00:23:08Z",
"sha256": "febe3de1c0fc94c227cd37d422989e447bbaf1cc519dda7979036661bf58f0e2",
"source": "amazon-inspector",
"versions": [
"4.5.0"
]
},
{
"id": "IN-MAL-2026-004103",
"import_time": "2026-05-26T05:51:56.620741729Z",
"modified_time": "2026-05-22T00:23:08Z",
"sha256": "10141229d153545990ab1d358689df6c1c927e43195ac5e3c0101caab3179a55",
"source": "amazon-inspector",
"versions": [
"2.5.0"
]
},
{
"id": "IN-MAL-2026-004732",
"import_time": "2026-05-26T05:53:10.634050878Z",
"modified_time": "2026-05-25T17:31:03Z",
"sha256": "268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1",
"source": "amazon-inspector",
"versions": [
"6.7.0"
]
},
{
"id": "IN-MAL-2026-004728",
"import_time": "2026-05-26T05:53:10.160218268Z",
"modified_time": "2026-05-25T17:01:59Z",
"sha256": "41ae6d35f231dc4e14d7c6d44fd6d4a74b65ef671893d798837d3821da3cf9af",
"source": "amazon-inspector",
"versions": [
"6.6.0"
]
},
{
"id": "IN-MAL-2026-004066",
"import_time": "2026-05-26T05:51:52.299136038Z",
"modified_time": "2026-05-21T22:52:16Z",
"sha256": "4e6882d2388d4a50651f1522ff880cb1084aaff474f04b1255e6261d0d886df5",
"source": "amazon-inspector",
"versions": [
"1.0.0"
]
},
{
"id": "IN-MAL-2026-004778",
"import_time": "2026-05-26T05:53:15.890903702Z",
"modified_time": "2026-05-25T21:32:29Z",
"sha256": "518048c89b6bba58b224d7f191fa7c68e9e31d8b6376b82794aed6f53a86e52c",
"source": "amazon-inspector",
"versions": [
"8.0.0"
]
},
{
"id": "IN-MAL-2026-004733",
"import_time": "2026-05-26T05:53:10.786000733Z",
"modified_time": "2026-05-25T17:31:09Z",
"sha256": "83747496974b4c8d5bc9d26f06416df48689cd4ca4793d2a5df8648279647174",
"source": "amazon-inspector",
"versions": [
"6.8.0"
]
},
{
"id": "IN-MAL-2026-004101",
"import_time": "2026-05-26T05:51:56.407339841Z",
"modified_time": "2026-05-22T00:22:58Z",
"sha256": "862033605e990d5a982099b7d0cc47621c9df572b2df9a1e20c5a95df787c7f6",
"source": "amazon-inspector",
"versions": [
"5.5.0"
]
},
{
"id": "IN-MAL-2026-004097",
"import_time": "2026-05-26T05:51:55.979834823Z",
"modified_time": "2026-05-21T23:52:58Z",
"sha256": "8cd074d98a1fad36ae5f2bc78749db55c19d9cdbdae37aa14b0a766b344b775d",
"source": "amazon-inspector",
"versions": [
"2.2.0"
]
},
{
"id": "IN-MAL-2026-004104",
"import_time": "2026-05-26T05:51:56.71759969Z",
"modified_time": "2026-05-22T00:23:12Z",
"sha256": "a3a09863fd16dad4603c0e3f0e1ea20200dd068faf851e261e8609f067cfd7dc",
"source": "amazon-inspector",
"versions": [
"5.6.0"
]
},
{
"id": "IN-MAL-2026-004762",
"import_time": "2026-05-26T05:53:14.036415348Z",
"modified_time": "2026-05-25T19:01:18Z",
"sha256": "b27de99c93386ef2a08633856bd7c51215f1de908c4fddbd40fb3797f12f687e",
"source": "amazon-inspector",
"versions": [
"7.8.0"
]
},
{
"id": "IN-MAL-2026-004777",
"import_time": "2026-05-26T05:53:15.781904956Z",
"modified_time": "2026-05-25T21:02:34Z",
"sha256": "f3e83054932030531e5716a59985c086e357d4aa8ee1760ce890449f66d864f1",
"source": "amazon-inspector",
"versions": [
"7.9.0"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1)\nPackage metadata advertises mathepy as a \u0027Module for Quick Calculations\u0027, but the package\u0027s importable __init__.py exposes ~13 top-level functions (ask_llm, pink, america, iran, momo, dropnull, code, sf, abc, liti, bcd, lc, init, koko) whose bodies each construct a Groq client with a hardcoded gsk_* API key and forward the caller-supplied prompt argument to api.groq.com\u0027s chat-completions endpoint. For example, src/mathepy/ai_helper.py:4 instantiates `Groq(api_key=\"gsk_m7BJ...\")` and ask_llm posts the caller\u0027s `prompt` to `client.chat.completions.create`; analogous code is present in pink.py, america.py, iran.py, momo.py, dropnull.py, code.py, sf.py, abc.py, liti.py, bcd.py, lc.py, koko.py, and init.py, each with a distinct hardcoded gsk_* key. Callers have no way to opt out, the destination is unconfigurable, and the README does not disclose that input is sent to a third-party LLM service. Any developer who imports mathepy and invokes one of these functions silently routes their inputs through the author\u0027s Groq account. This is the silent-relay supply-chain shape: a package\u0027s advertised API hides a hardcoded outbound destination that exfiltrates caller-supplied data. The hardcoded keys themselves are author-self-harm (anyone can extract and burn the author\u0027s Groq quota), but the relay channel they enable is the installer-facing harm.\n",
"id": "MAL-2026-4755",
"modified": "2026-05-26T05:55:05Z",
"published": "2026-05-21T22:51:51Z",
"references": [
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/1.2.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/3.5.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/4.5.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/2.5.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/6.7.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/6.6.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/1.0.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/8.0.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/6.8.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/5.5.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/2.2.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/5.6.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/7.8.0/"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/mathepy/7.9.0/"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in mathepy (PyPI)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.