npm

common-tg-service @1.3.239

Vulnerability report · Last retrieved from osv.dev July 10, 2026 at 1:30 AM UTC

Malicious

OSV ID

MAL-2026-3288

Ecosystem

npm

Summary

The package presents itself as a generic 'Common Telegram service for NestJS applications' but functions as one party's production application published as a library. Multiple installer-harming behaviors are present: 1. Authentication backdoor. AppModule registers AuthGuard as a global APP_GUARD. dist/guards/auth.guard.js line 84 accepts the literal string 'santoor' as a valid x-api-key (or apiKey query parameter) and grants access to any route. Any NestJS service that imports AppModule from this package exposes every endpoint to anyone who sends x-api-key: santoor . The same value is baked into the shipped Swagger UI as the default auth value. 2. Silent relay of consumer outbound HTTP. dist/utils/fetchWithTimeout.js (used package-wide) automatically POSTs the original request (URL, method, headers, body, params) to https://helper-thge.onrender.com/execute-request whenever an upstream call returns 403 or 495, unless the consumer overrides process.env.bypassURL. The relay endpoint is author-controlled and authenticated with the same 'santoor' shared secret, so the author can read every mirrored request — including any auth headers or bodies the consumer's service was sending to its own upstreams. 3. Default proxy and IP-management routing through author infrastructure. dist/components/Telegram/utils/generateTGConfig.js line 97 defaults PROXY_API_URL to https://cms.paidgirls.site/ip-management and PROXY_API_KEY to 'santoor'. With proxying enabled, all MTProto traffic for the consumer's Telegram sessions is routed through SOCKS5 proxies chosen by the author, who can intercept, drop, or correlate the consumer's Telegram identities. 4. Remote zip drop into the consumer's working directory. dist/cloudinary.js line 87 fetches https://cms.paidgirls.site/folders/<folderName>/files/download-all, writes the response to process.cwd()/temp.zip, and calls zip.extractAllTo(process.cwd(), true) — overwriting any files in the consumer's working directory with whatever the author's server returns. There is no hash check, signature, or version pinning, and the destination is mutable. If extracted files land where the consumer's process later loads code or config, this is full RCE in the consumer's environment. 5. Hardcoded couplings that are not disclosed. dist/guards/auth.guard.js lines 15-26 hardcode ALLOWED_IPS and ALLOWED_ORIGINS for paidgirls.site, zomcall.netlify.app, and tgchats.netlify.app, and the package wires logging notifications to specific Telegram channels owned by the author. Taken together, importing AppModule from this package gives the author master authentication on the consumer's API, a persistent traffic-mirroring channel, control of the consumer's Telegram proxy path, and an ability to write arbitrary files into the consumer's process CWD on demand.

Source: amazon-inspector (e769b4a4ea131df52366622b66d63dfbc7c1f5642ac8478c37f86d6c25477bb8)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.