{"id":"MAL-2026-4533","summary":"Malicious code in codebuff-cli (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d)\nThe package name `codebuff-cli` impersonates the legitimate `codebuff` npm package; the README is copy-pasted from the official CodebuffAI project (it even instructs users to run `npm install -g codebuff`), but the published artifact is an unofficial fork. Three concrete installer-side harms are present:\n\n1. Silent relay of user data to a non-publisher backend. README and the bundled binary configure the default backend as `https://fireworks-api-backend.vercel.app` (a personal Vercel deployment) instead of codebuff.com. Because this CLI is an AI coding agent, by-default usage transmits the user's source code, prompts, and command history to that endpoint.\n2. TLS verification globally disabled. `cli/bin/codebuff.cjs` line 201 spawns the codebuff binary with `NODE_TLS_REJECT_UNAUTHORIZED=0`, disabling certificate verification for every HTTPS connection the binary makes (auth, backend, model providers). Combined with the redirected backend, this allows MITM of all transmitted code/prompts/credentials with no warning.\n3. Unverified binary fetch from a mutable personal-account release. If the bundled binary is missing, `cli/bin/codebuff.cjs` queries `https://api.github.com/repos/Marcus-Mok-GH/codebuff-cli/releases/latest`, downloads `codebuff-\u003cplatform\u003e-\u003carch\u003e` to `~/.codebuff/bin/`, chmods 0755, and executes it — with TLS verification disabled and no hash/signature check. 
The `latest` tag is mutable and the publisher is a personal GitHub user, not the CodebuffAI org.\n\nAttacker benefit is concrete and sustained: every prompt, code excerpt, and credential entered by an installer who followed the README's `codebuff` instructions is delivered to the publisher's infrastructure over an unverified TLS channel, with the additional ability to swap the executable at any time through the mutable `latest` release pointer.\n","modified":"2026-05-26T06:02:24.538369178Z","published":"2026-05-22T11:16:55Z","database_specific":{"malicious-packages-origins":[{"sha256":"07aee3af30fb34f519be14369e5c55b8ce6b6faf58efe98d63d02e053d27c1b8","id":"IN-MAL-2026-004484","versions":["1.1.1"],"source":"amazon-inspector","import_time":"2026-05-26T05:52:41.435214677Z","modified_time":"2026-05-24T10:46:52Z"},{"sha256":"ea2dc583698f3d0c05ba28d600519b6ef0a431c2a3cbfec6973c49e4e85d3e6a","id":"IN-MAL-2026-004298","versions":["1.0.21"],"source":"amazon-inspector","import_time":"2026-05-26T05:52:19.60557722Z","modified_time":"2026-05-23T07:38:29Z"},{"sha256":"f6f931ab622074246fc27ed57ab5dd0542e2b5c645e53e9f79f5c6f65e483bf5","versions":["1.1.4"],"source":"amazon-inspector","id":"IN-MAL-2026-004593","import_time":"2026-05-26T05:52:54.43548864Z","modified_time":"2026-05-25T06:55:10Z"},{"sha256":"581a9487e6cf281e80dd99457bb19bcbb62ffdc54de0beb998af80aeac249496","import_time":"2026-05-26T05:52:51.402855413Z","id":"IN-MAL-2026-004568","source":"amazon-inspector","versions":["1.0.22"],"modified_time":"2026-05-23T09:02:03Z"},{"sha256":"79bd2cb4e31f834f0c7f31ccc01722a303fb15c3d5e29151242b5fd63e3d5750","versions":["1.0.26"],"source":"amazon-inspector","id":"IN-MAL-2026-004463","import_time":"2026-05-26T05:52:38.973973826Z","modified_time":"2026-05-24T05:19:57Z"},{"sha256":"7e3eed5133b76d3fb4ac742ef59b287d56fdcfff0300218353d521480078a74c","versions":["1.0.18"],"source":"amazon-inspector","id":"IN-MAL-2026-004254","import_time":"2026-05-26T05:52:14.645275631Z","modified_time":"2026-
05-22T20:26:03Z"},{"sha256":"855fa70e3fc3583e8b51879a6d37dcdc28411bdda9c1ee422b2b1cd24062234c","import_time":"2026-05-26T05:52:21.335164911Z","id":"IN-MAL-2026-004312","source":"amazon-inspector","versions":["1.0.24"],"modified_time":"2026-05-23T10:45:46Z"},{"sha256":"c1d83ba7569be8fca8a3e401174e96a30c6ec6ab790fc68fb6fca873131db99b","versions":["1.1.7"],"source":"amazon-inspector","id":"IN-MAL-2026-004786","import_time":"2026-05-26T05:53:16.744882288Z","modified_time":"2026-05-25T22:42:33Z"},{"sha256":"c98f573b00f2cbef8a1f9ce208b401f890adc0bd589b9ac405e320c242549ff4","source":"amazon-inspector","import_time":"2026-05-26T05:52:39.31747092Z","id":"IN-MAL-2026-004466","versions":["1.0.28"],"modified_time":"2026-05-24T05:54:53Z"},{"sha256":"f8a7399f405f8b5cd445825e0ea971188dab2ca895be457a36bac26f39177302","id":"IN-MAL-2026-004483","versions":["1.1.0"],"source":"amazon-inspector","import_time":"2026-05-26T05:52:41.327120914Z","modified_time":"2026-05-24T09:52:59Z"},{"sha256":"0aeff449bcc91ff751407d86a8a13ea2797e1a9d85df04cce1fbfbbdb9c66e3b","import_time":"2026-05-26T05:52:12.728524606Z","id":"IN-MAL-2026-004237","source":"amazon-inspector","versions":["1.0.15"],"modified_time":"2026-05-22T18:17:57Z"},{"sha256":"20745917fcbb9e21932170480e2750f8a340fd453d3ef1e1f75d29368c58000b","source":"amazon-inspector","import_time":"2026-05-26T05:52:12.30682379Z","id":"IN-MAL-2026-004233","versions":["1.0.14"],"modified_time":"2026-05-22T17:28:14Z"},{"sha256":"5255796089443603b793c67038e04bf6c1ef4eec651e1c8f8afbedcc0e8b9215","source":"amazon-inspector","import_time":"2026-05-26T05:52:13.837871643Z","id":"IN-MAL-2026-004247","versions":["1.0.17"],"modified_time":"2026-05-22T18:59:18Z"},{"sha256":"575af29454416864c07f305659a29c42e6439a87e85d3463651ab2d80e69e6e4","versions":["1.0.23"],"source":"amazon-inspector","id":"IN-MAL-2026-004304","import_time":"2026-05-26T05:52:20.273104419Z","modified_time":"2026-05-23T09:15:47Z"},{"sha256":"65f50bacf00046f8729f2388f5fe2a7e4cef170dbaf43647d409f54
ef61c7442","import_time":"2026-05-26T05:52:07.090186471Z","id":"IN-MAL-2026-004193","source":"amazon-inspector","versions":["1.0.11"],"modified_time":"2026-05-22T11:16:55Z"},{"sha256":"e6ddcc4d1d42b51dd9a4d8e373048e4e47f2fc28f065ae2dd08cbac261b6e366","import_time":"2026-05-26T05:52:19.510537571Z","id":"IN-MAL-2026-004297","source":"amazon-inspector","versions":["1.0.20"],"modified_time":"2026-05-23T07:38:25Z"},{"sha256":"78d6c7f9b0d00da33890bae4b502446c51578d21330c1d9834aa940d4b0431c5","import_time":"2026-05-26T05:52:20.163964707Z","id":"IN-MAL-2026-004303","source":"amazon-inspector","versions":["1.0.22"],"modified_time":"2026-05-23T09:02:03Z"},{"sha256":"d322914dcce2f1a019be46a4bc3f34b2f43ad43902f315362c4b53c008dccc9b","versions":["1.1.2"],"source":"amazon-inspector","id":"IN-MAL-2026-004561","import_time":"2026-05-26T05:52:50.694598189Z","modified_time":"2026-05-25T00:22:07Z"},{"sha256":"f82b278953aaa12ce168593fd6a9bfb0648a791d92b3293f2e5182ff8a17fc45","versions":["1.0.27"],"source":"amazon-inspector","id":"IN-MAL-2026-004464","import_time":"2026-05-26T05:52:39.074419671Z","modified_time":"2026-05-24T05:27:57Z"},{"sha256":"bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d","versions":["1.1.8"],"source":"amazon-inspector","id":"IN-MAL-2026-004787","import_time":"2026-05-26T05:53:16.869151619Z","modified_time":"2026-05-25T22:45:14Z"},{"sha256":"2a7b10422f2e6759ea8dc780eaaaf681cf1b9596904b5fb540a66654c84e9f8a","versions":["1.0.12"],"source":"amazon-inspector","id":"IN-MAL-2026-004460","import_time":"2026-05-26T05:52:38.54362321Z","modified_time":"2026-05-22T11:41:50Z"},{"sha256":"42cf7f9c8603c145d4555e9c84fc0de3e57b05d7a0342c1b2a9f23e850fc3714","import_time":"2026-05-26T05:53:16.636952214Z","id":"IN-MAL-2026-004785","source":"amazon-inspector","versions":["1.1.6"],"modified_time":"2026-05-25T22:42:19Z"},{"sha256":"4f149caff4acc645b9efb79bf92c9dd64fc35865b52ab27875a7b805bf8b088b","source":"amazon-inspector","import_time":"2026-05-26T05:52:58.866126966Z
","id":"IN-MAL-2026-004629","versions":["1.1.5"],"modified_time":"2026-05-25T11:32:00Z"},{"sha256":"ca4e32a5c10c9898a693c8edb3589548a2ef6915e4a37823a1d954fe28b31a7d","import_time":"2026-05-26T05:52:07.323905708Z","id":"IN-MAL-2026-004195","source":"amazon-inspector","versions":["1.0.12"],"modified_time":"2026-05-22T11:41:50Z"},{"sha256":"d0ac1bcd5545634fb377d6eb208bfc3610b7175a8e85b1a381eb7ebacb4a09c3","import_time":"2026-05-26T05:52:19.368052675Z","id":"IN-MAL-2026-004295","source":"amazon-inspector","versions":["1.0.19"],"modified_time":"2026-05-23T07:08:45Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.1.1"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.21"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.1.4"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.22"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.26"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.18"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.24"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.1.7"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.28"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.1.0"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.15"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.14"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.17"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.23"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.11"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.20"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.1.2"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.27"
},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.1.8"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.12"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.1.6"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.1.5"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/codebuff-cli/v/1.0.19"}],"affected":[{"package":{"name":"codebuff-cli","ecosystem":"npm","purl":"pkg:npm/codebuff-cli"},"versions":["1.1.1","1.0.21","1.1.4","1.0.22","1.0.26","1.0.18","1.0.24","1.1.7","1.0.28","1.1.0","1.0.15","1.0.14","1.0.17","1.0.23","1.0.11","1.0.20","1.1.2","1.0.27","1.1.8","1.0.12","1.1.6","1.1.5","1.0.19"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/codebuff-cli/MAL-2026-4533.json","indicators":{"evidence_files":[{"path":"package.json","tlsh":"4d51eb51cd98cd3317905517b0369a23104a1a0f1e95fc8c3ba2a33e4f6c2af20b6a7f","sha256":"f6113c9c4be6a0a5e268c4802f3c0ef5f2c08eb082c6cec5b32f204bdeda8098"},{"tlsh":"9e02848d6af391340ab3929e4b4ba029b5379503320ddf58f6ec83542f8262cc5e57de","sha256":"4f2c25b75c2d9b91de8ea02c9330bbc4ab751b914c4e743965161d711a4bad95","path":"cli/bin/codebuff.cjs"}],"package_integrity":[{"filename":"codebuff-cli-1.1.1.tgz","hashes":{"sha1":"e09e744a8d0f7cfa629806bce4d5940f5f10c3cd","sha512_sri":"sha512-lAN64ZUmvd9EC++oxh7RASWWInJncekFreFVgba9FNG9rc1sxSukGIwNH6TjWRE11i65X4CH/+pC9KR4MI+xtw=="}}]},"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}