amdocs-core-package @11.11.11
Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 5:45 AM UTC
OSV ID
MAL-2025-6695
Ecosystem
npm
Summary
The package declares a preinstall hook that runs index.js on npm install. index.js requires https and os, reads os.hostname(), and issues an https.request POST to a hardcoded *.oastify.com Burp Collaborator subdomain, additionally embedding the hostname into the DNS label of that subdomain for out-of-band capture. Package metadata is placeholder (empty description and author, version 11.11.11, name shaped like an internal 'amdocs' scope), consistent with a dependency-confusion payload targeting an internal namespace. Installing the package causes the installer's host identifier to leave the machine to an attacker-controlled collaborator domain.
Source: amazon-inspector (1e196068c171b8528ec4f1f0db852ef32a7b530ecce14d79696a21c4f685c2c6)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.