mal-2026-5973
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d)
The package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography (require('tailwindcss/plugin'), prose-* class generator), even though the package name has no relationship to Tailwind. Appended after the cloned plugin code at src/index.js:124+ is a heavily obfuscated IIFE using an RC4-decoded string array and AES-decipher key table to hide its strings and control flow. The decoded action table contains keys 'cmd.npx', 'cmd.npxwin', 'pkg.link', 'cmd.install', 'flag.yes', which are consumed by helpers that call child_process.spawn with detached:true, stdio:'ignore', windowsHide:true and creationFlags set to DETACHED_PROCESS to silently run `npx -y <pkg.link>`, fetching and executing an attacker-controlled package from the npm registry on the developer's machine. On Windows an additional path uses keys 'ext.vbs', 'vbs.tag', 'win.wscript': a VBS file is written to os.tmpdir() with a crypto.randomBytes(4) hex prefix and launched via wscript.exe (detached, windowsHide), followed by process.exit(0), to hide the dropper invocation from the console. The action table also contains 'env.api' and 'api.base' entries, and the spawn helper clones process.env and injects api.base as the env.api value into the child, so the downstream npx-fetched package receives a C2/telemetry endpoint via environment. Because require('classbreeze-utils') is the plugin entry point loaded by any Tailwind build that adds it, the dropper fires automatically as soon as a build that depends on it runs, executing arbitrary attacker-controlled code on the developer/CI machine.
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "src/index.js",
"sha256": "538bc398c34413de4c95370b4a06405179639d4d0ef5002bf575805ffc7190fa",
"tlsh": "7382e8c436d2b0a0527712731b9b90e9e23998c3780d788bf07cb29dbf1866cd7a1d59"
},
{
"path": "README.md",
"sha256": "5c456cc04b8dfa3f97324ed7b306a5962bf3cc10ba0f635ee20e7494c8f813ec",
"tlsh": "e76283a5cd62eff23b3380a663cb905ab713934f85105a827dac915c2fcd7da41ad58c"
}
],
"package_integrity": [
{
"filename": "classbreeze-utils-0.7.8.tgz",
"hashes": {
"sha1": "81b2021c8bdfa0a97e5dd23bbd61ca373119b04a",
"sha512_sri": "sha512-nu2NX6KDxPbRbHr5E/9wlvLAjgHMxbdrp91zQnL+bswKJ3Z8HAdX8krXvrrndLUX3mUMhbhcW+MztkFdHoDiyw=="
}
}
]
}
},
"package": {
"ecosystem": "npm",
"name": "classbreeze-utils"
},
"versions": [
"0.7.8",
"0.7.10",
"0.7.9"
]
}
],
"credits": [
{
"contact": [
"inspector-research@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-006874",
"import_time": "2026-06-17T05:45:41.612565844Z",
"modified_time": "2026-06-17T04:18:32Z",
"sha256": "bd50696fc7ff4ed1899df5a40dc90cbb7b5480f083bca92a2272884d7540783e",
"source": "amazon-inspector",
"versions": [
"0.7.8"
]
},
{
"id": "IN-MAL-2026-007020",
"import_time": "2026-06-18T19:20:02.515827648Z",
"modified_time": "2026-06-18T19:08:20Z",
"sha256": "50647f0da027926236690384c4a16284d0625f569870e1d27bb6bc9213b72c00",
"source": "amazon-inspector",
"versions": [
"0.7.10"
]
},
{
"id": "IN-MAL-2026-007021",
"import_time": "2026-06-18T19:20:02.59350664Z",
"modified_time": "2026-06-18T19:08:26Z",
"sha256": "e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d",
"source": "amazon-inspector",
"versions": [
"0.7.9"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d)\nThe package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography (require(\u0027tailwindcss/plugin\u0027), prose-* class generator), even though the package name has no relationship to Tailwind. Appended after the cloned plugin code at src/index.js:124+ is a heavily obfuscated IIFE using an RC4-decoded string array and AES-decipher key table to hide its strings and control flow. The decoded action table contains keys \u0027cmd.npx\u0027, \u0027cmd.npxwin\u0027, \u0027pkg.link\u0027, \u0027cmd.install\u0027, \u0027flag.yes\u0027, which are consumed by helpers that call child_process.spawn with detached:true, stdio:\u0027ignore\u0027, windowsHide:true and creationFlags set to DETACHED_PROCESS to silently run `npx -y \u003cpkg.link\u003e`, fetching and executing an attacker-controlled package from the npm registry on the developer\u0027s machine. On Windows an additional path uses keys \u0027ext.vbs\u0027, \u0027vbs.tag\u0027, \u0027win.wscript\u0027: a VBS file is written to os.tmpdir() with a crypto.randomBytes(4) hex prefix and launched via wscript.exe (detached, windowsHide), followed by process.exit(0), to hide the dropper invocation from the console. The action table also contains \u0027env.api\u0027 and \u0027api.base\u0027 entries, and the spawn helper clones process.env and injects api.base as the env.api value into the child, so the downstream npx-fetched package receives a C2/telemetry endpoint via environment. Because require(\u0027classbreeze-utils\u0027) is the plugin entry point loaded by any Tailwind build that adds it, the dropper fires automatically as soon as a build that depends on it runs, executing arbitrary attacker-controlled code on the developer/CI machine.\n",
"id": "MAL-2026-5973",
"modified": "2026-06-18T19:21:55Z",
"published": "2026-06-17T04:18:32Z",
"references": [
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/classbreeze-utils/v/0.7.8"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/classbreeze-utils/v/0.7.10"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/classbreeze-utils/v/0.7.9"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in classbreeze-utils (npm)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.