ebpf-tracker-action@1.0.1
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID: MAL-2026-6077
Ecosystem: npm
Summary
package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects hostname (os.hostname()), username (os.userInfo()), homedir, DNS servers, and package paths, reads /etc/passwd and /etc/hosts via fs.readFileSync, and HTTPS-POSTs the JSON payload to 66az91mywqmmbqau9k79bum1us0jo9cy.oastify.com (a Burp Collaborator subdomain). Package metadata (empty author, empty description, generic CI-flavored name ebpf-tracker-action) is consistent with a dependency-confusion attack targeting an internal package name. Any machine that installs this package leaks system identity and local account data to an attacker-controlled host at install time.
Source: amazon-inspector (f51f94366660f50b3ffaacedda1e956035ca8a7e5e0cadc33f2aefc20dd8a6a3)
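The install-time pattern in the summary (an automatic lifecycle hook combined with blank author and description) can be checked for in any package.json before it is installed. The following is an added example, not code from the advisory or the package; the function name auditManifest, the sample manifests, and the "hook plus both fields blank" heuristic are assumptions made for illustration.

```javascript
// Added example: audit package.json text for the install-time pattern above.
// Hooks npm runs automatically when a package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// True for a missing/empty string, or an author object without a name.
const isBlank = (v) =>
  v == null ||
  (typeof v === "string" ? v.trim() === "" : typeof v === "object" && !v.name);

function auditManifest(manifestText) {
  let pkg;
  try {
    pkg = JSON.parse(manifestText);
  } catch (err) {
    return { error: "unparseable package.json", hooks: [], suspicious: true };
  }
  if (pkg === null || typeof pkg !== "object" || Array.isArray(pkg)) {
    return { error: "manifest is not an object", hooks: [], suspicious: true };
  }
  const scripts =
    pkg.scripts && typeof pkg.scripts === "object" ? pkg.scripts : {};
  const hooks = INSTALL_HOOKS
    .filter((h) => typeof scripts[h] === "string" && scripts[h].trim() !== "")
    .map((h) => ({ hook: h, command: scripts[h] }));
  const blankMetadata = ["author", "description"].filter((k) => isBlank(pkg[k]));
  // Heuristic (assumption): install hooks alone are common for native builds,
  // so flag only a hook combined with blank author AND blank description.
  const suspicious = hooks.length > 0 && blankMetadata.length === 2;
  return { name: pkg.name || null, hooks, blankMetadata, suspicious };
}

// Constructed sample manifests (not the real package contents).
const SAMPLE_FLAGGED = JSON.stringify({
  name: "example-ci-action", version: "1.0.1", author: "", description: "",
  scripts: { preinstall: "node index.js" },
});
const SAMPLE_NATIVE = JSON.stringify({
  name: "example-native-addon", description: "Constructed native addon",
  author: { name: "Example Maintainer" },
  scripts: { install: "node-gyp rebuild", test: "node test.js" },
});

for (const text of [SAMPLE_FLAGGED, SAMPLE_NATIVE, "{not json"]) {
  console.log(JSON.stringify(auditManifest(text)));
}
```

Running npm install with --ignore-scripts (or setting ignore-scripts=true in .npmrc) stops these hooks from executing at install time.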