{"vulnerability": "GHSA-JGG6-4RPR-WFH7", "sightings": [{"uuid": "9ece1d3f-79ea-4d93-9ffd-1745159cf44e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-jgg6-4rpr-wfh7", "type": "seen", "source": "https://gist.github.com/gabrielstuff/1ec8cb4a351745895c76dfadc789090a", "content": "#!/usr/bin/env bash\n# Mini Shai-Hulud / TanStack npm supply-chain compromise check.\n# Safe to run \u2014 read-only, no network calls, no modifications.\n# Works in bash and zsh. macOS + Linux.\n#\n# Based on IOCs published by Socket.dev (2026-05-11) and OpenAI's response\n# (2026-05-13). Covers TanStack, Mistral AI, OpenSearch, Guardrails AI,\n# Squawk, and the gh-token-monitor stealer drop.\n\nset +e\nset -u\n\n# ---------- colors ----------\nRED=$'\\033[31m'; GRN=$'\\033[32m'; YLW=$'\\033[33m'; BLD=$'\\033[1m'; DIM=$'\\033[2m'; RST=$'\\033[0m'\n[ -t 1 ] || { RED=\"\"; GRN=\"\"; YLW=\"\"; BLD=\"\"; DIM=\"\"; RST=\"\"; }\n\nHITS=0\nFINDINGS=()\n\nsection() { printf '\\n%s\u2500\u2500 %s \u2500\u2500%s\\n' \"$BLD\" \"$1\" \"$RST\"; }\nok() { printf ' %sok%s %s\\n' \"$GRN\" \"$RST\" \"$1\"; }\nbad() { HITS=$((HITS + 1)); FINDINGS+=(\"$1\"); printf ' %sHIT%s %s\\n' \"$RED\" \"$RST\" \"$1\"; }\nnote() { printf ' %s%s%s\\n' \"$DIM\" \"$1\" \"$RST\"; }\n\n# Known malicious SHA-256s (Socket.dev + Mistral AI advisory)\nSHA_ROUTER_INIT=\"ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c\"\nSHA_TANSTACK_RUNNER=\"2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96\"\nSHA_TANSTACK_SETUP_PKG=\"7c12d8614c624c70d6dd6fc2ee289332474abaa38f70ebe2cdef064923ca3a9b\"\n\n# Compromised commits in TanStack/router fork network\nBAD_COMMIT=\"79ac49eedf774dd4b0cfa308722bc463cfe5885c\"\nBAD_COMMIT_FORK=\"65bf499d16a5e8d25ba95d69ec9790a6dd4a1f14\"\n\n# Known C2 / attacker infra (domains + IP)\nBAD_HOSTS='filev2\\.getsession\\.org|seed[123]\\.getsession\\.org|git-tanstack\\.com|api\\.masscan\\.cloud|litter\\.catbox\\.moe|83\\.142\\.209\\.194'\n\n# Attacker GitHub identities\nBAD_GH_USERS='zblgg|voicproducoes|zblgg/configuration'\n\n# Compromised npm/PyPI artifacts (specific versions only)\n# Format: name@version, one per line\nBAD_PKGS=$(cat <<'EOF'\n@mistralai/mistralai@2.2.2\n@mistralai/mistralai@2.2.3\n@mistralai/mistralai@2.2.4\n@mistralai/mistralai-azure@1.7.1\n@mistralai/mistralai-azure@1.7.2\n@mistralai/mistralai-azure@1.7.3\n@mistralai/mistralai-gcp@1.7.1\n@mistralai/mistralai-gcp@1.7.2\n@mistralai/mistralai-gcp@1.7.3\n@opensearch-project/opensearch@3.5.3\n@opensearch-project/opensearch@3.6.2\n@opensearch-project/opensearch@3.7.0\n@opensearch-project/opensearch@3.8.0\n@squawk/mcp@0.9.2\n@squawk/mcp@0.9.3\n@squawk/mcp@0.9.4\n@squawk/mcp@0.9.5\n@squawk/weather@0.5.10\n@squawk/flightplan@0.5.6\nguardrails-ai@0.10.1\nmistralai@2.4.6\ncross-stitch@1.1.4\ncross-stitch@1.1.5\ncross-stitch@1.1.6\ncross-stitch@1.1.7\nts-dna@3.0.3\nts-dna@3.0.4\nts-dna@3.0.5\ngit-git-git@1.0.10\ngit-git-git@1.0.11\ngit-git-git@1.0.12\ngit-branch-selector@1.3.6\ngit-branch-selector@1.3.7\nnextmove-mcp@0.1.5\nnextmove-mcp@0.1.6\nnextmove-mcp@0.1.7\ncmux-agent-mcp@0.1.7\ncmux-agent-mcp@0.1.8\nEOF\n)\n\ncheck_path() {\n local label=\"$1\" p=\"$2\"\n if [ -e \"$p\" ] || [ -L \"$p\" ]; then\n bad \"$label exists \u2192 $p\"\n ls -la \"$p\" 2>/dev/null | sed 's/^/ /'\n else\n ok \"$label not present\"\n fi\n}\n\n# pick a sha256 tool\nSHA=\"\"\ncommand -v shasum >/dev/null 2>&1 && SHA=\"shasum -a 256\"\n[ -z \"$SHA\" ] && command -v sha256sum >/dev/null 2>&1 && SHA=\"sha256sum\"\n\n# ---------- header ----------\ncat </dev/null)\nuser: $(id -un 2>/dev/null)\nos: $(uname -srm 2>/dev/null)\nshell: ${SHELL:-unknown}\ndate: $(date -u '+%Y-%m-%dT%H:%M:%SZ')\nEOF\n\n# ---------- 1. malicious payload files anywhere (incl. node_modules) ----------\nsection \"1. Payload files (router_init.js, tanstack_runner.js, vite_setup.mjs)\"\nnote \"IOC files dropped into compromised TanStack/Mistral/etc. packages\"\nnote \"scanning node_modules \u2014 that's where the files live\"\n\nRI_LIST=$(find \"$HOME\" \\\n \\( -name .Trash -o -name Library \\) -prune \\\n -o -type f \\( -name router_init.js -o -name tanstack_runner.js -o -name vite_setup.mjs \\) -print 2>/dev/null)\n\nif [ -n \"$RI_LIST\" ]; then\n bad \"malicious payload file(s) found\"\n while IFS= read -r f; do\n printf ' %s\\n' \"$f\"\n if [ -n \"$SHA\" ]; then\n h=$($SHA \"$f\" 2>/dev/null | awk '{print $1}')\n case \"$h\" in\n \"$SHA_ROUTER_INIT\"|\"$SHA_TANSTACK_RUNNER\")\n printf ' %s\u21b3 SHA-256 MATCHES KNOWN MALWARE: %s%s\\n' \"$RED\" \"$h\" \"$RST\" ;;\n *)\n printf ' %s\u21b3 sha256: %s%s\\n' \"$DIM\" \"$h\" \"$RST\" ;;\n esac\n fi\n done <<< \"$RI_LIST\"\nelse\n ok \"no router_init.js / tanstack_runner.js / vite_setup.mjs found\"\nfi\n\n# ---------- 2. gh-token-monitor stealer persistence ----------\nsection \"2. gh-token-monitor stealer persistence\"\ncheck_path \"launch script \" \"$HOME/.local/bin/gh-token-monitor.sh\"\ncheck_path \"systemd unit \" \"$HOME/.config/systemd/user/gh-token-monitor.service\"\ncheck_path \"macOS LaunchAgent\" \"$HOME/Library/LaunchAgents/com.user.gh-token-monitor.plist\"\n\n# ---------- 3. agent / editor config dir drops ----------\nsection \"3. Suspicious scripts in agent + editor config dirs\"\nnote \"covers .claude .codex .opencode .cursor .windsurf .aider .continue .zed .trae .vscode\"\n\nAGENT_DIRS='.claude|.codex|.opencode|.cursor|.windsurf|.aider|.continue|.zed|.trae|.vscode|.copilot|.github-copilot'\nDROP_HITS=$(find \"$HOME\" \\\n \\( -name node_modules -o -name extensions -o -name .Trash -o -name Library \\) -prune \\\n -o -type f \\( -name 'setup.mjs' -o -name 'router_runtime.js' -o -name 'router_init.js' -o -name 'tanstack_runner.js' \\) \\\n -print 2>/dev/null \\\n | grep -E \"/($AGENT_DIRS)/\")\nif [ -n \"$DROP_HITS\" ]; then\n bad \"suspicious script(s) in agent/editor config dirs\"\n printf '%s\\n' \"$DROP_HITS\" | sed 's/^/ /'\nelse\n ok \"no suspicious scripts in agent/editor config dirs\"\nfi\n\n# ---------- 4. .claude/settings.json hooks ----------\nsection \"4. .claude/settings.json with unexpected hooks\"\nSETTINGS_HITS=\"\"\nwhile IFS= read -r f; do\n case \"$f\" in */node_modules/*) continue ;; esac\n if grep -Ei \"router_init|router_runtime|tanstack_runner|vite_setup|setup\\.mjs|$BAD_HOSTS\" \"$f\" >/dev/null 2>&1; then\n SETTINGS_HITS=\"${SETTINGS_HITS}${f}\"$'\\n'\n fi\ndone < <(find \"$HOME\" \\\n \\( -name node_modules -o -name .Trash -o -name Library \\) -prune \\\n -o -path '*/.claude/settings.json' -type f -print 2>/dev/null)\nif [ -n \"$SETTINGS_HITS\" ]; then\n bad \".claude/settings.json contains IOC strings\"\n printf '%s' \"$SETTINGS_HITS\" | sed 's/^/ /'\nelse\n ok \".claude/settings.json files clean\"\nfi\n\n# ---------- 5. .vscode/tasks.json content ----------\nsection \"5. .vscode/tasks.json containing payload\"\nnote \"tasks.json is normal \u2014 only flagged if it contains IOC strings\"\nTJ_HITS=\"\"\nwhile IFS= read -r f; do\n case \"$f\" in */node_modules/*|*/extensions/*) continue ;; esac\n if grep -lEi \"gh-token-monitor|router_init|router_runtime|tanstack_runner|vite_setup|setup\\.mjs|$BAD_HOSTS|curl .*\\| *(sh|bash|node)|wget .*\\| *(sh|bash|node)\" \"$f\" >/dev/null 2>&1; then\n TJ_HITS=\"${TJ_HITS}${f}\"$'\\n'\n fi\ndone < <(find \"$HOME\" \\\n \\( -name node_modules -o -name extensions -o -name .Trash -o -name Library \\) -prune \\\n -o -path '*/.vscode/tasks.json' -type f -print 2>/dev/null)\nif [ -n \"$TJ_HITS\" ]; then\n bad \"tasks.json with malware payload\"\n printf '%s' \"$TJ_HITS\" | sed 's/^/ /'\nelse\n ok \"no tasks.json contains payload strings\"\nfi\n\n# ---------- 6. /tmp/transformers.pyz (guardrails-ai variant) ----------\nsection \"6. /tmp/transformers.pyz (guardrails-ai payload)\"\nif [ -e /tmp/transformers.pyz ]; then\n bad \"/tmp/transformers.pyz exists\"\n ls -la /tmp/transformers.pyz 2>/dev/null | sed 's/^/ /'\nelse\n ok \"/tmp/transformers.pyz not present\"\nfi\n\n# ---------- 7. compromised packages in lockfiles ----------\nsection \"7. Compromised package versions in lockfiles\"\nnote \"scans package-lock.json / pnpm-lock.yaml / yarn.lock / package.json / requirements.txt\"\n\nLOCK_HITS=\"\"\nLOCK_FILES=$(find \"$HOME\" \\\n \\( -name node_modules -o -name .Trash -o -name Library -o -name .git \\) -prune \\\n -o -type f \\( -name 'package-lock.json' -o -name 'pnpm-lock.yaml' -o -name 'yarn.lock' -o -name 'package.json' -o -name 'requirements.txt' -o -name 'poetry.lock' -o -name 'uv.lock' \\) -print 2>/dev/null)\n\nwhile IFS= read -r pv; do\n [ -z \"$pv\" ] && continue\n name=\"${pv%@*}\"\n ver=\"${pv##*@}\"\n # Build a tolerant pattern. e.g. \"@tanstack/react-router\" at \"1.2.3\"\n # Match common lockfile encodings.\n while IFS= read -r lf; do\n [ -z \"$lf\" ] && continue\n if grep -F -e \"\\\"${name}\\\": \\\"${ver}\\\"\" \\\n -e \"\\\"${name}@${ver}\\\"\" \\\n -e \"${name}@${ver}:\" \\\n -e \"${name}==${ver}\" \\\n -e \"name = \\\"${name}\\\"\" \"$lf\" >/dev/null 2>&1; then\n # second pass: if matched name= alone (poetry/uv), verify version proximity\n if grep -F -e \"\\\"${name}\\\": \\\"${ver}\\\"\" -e \"\\\"${name}@${ver}\\\"\" -e \"${name}@${ver}:\" -e \"${name}==${ver}\" \"$lf\" >/dev/null 2>&1 \\\n || awk -v n=\"$name\" -v v=\"$ver\" '\n /^\\[\\[package\\]\\]/ {pkg=\"\"; ver=\"\"}\n $1==\"name\" {gsub(/\"/,\"\",$3); pkg=$3}\n $1==\"version\" {gsub(/\"/,\"\",$3); ver=$3}\n pkg==n && ver==v {found=1; exit}\n END{exit !found}\n ' \"$lf\" 2>/dev/null; then\n LOCK_HITS=\"${LOCK_HITS}${pv} \u2190 ${lf}\"$'\\n'\n fi\n fi\n done <<< \"$LOCK_FILES\"\ndone <<< \"$BAD_PKGS\"\n\nif [ -n \"$LOCK_HITS\" ]; then\n bad \"compromised package version(s) installed/locked\"\n printf '%s' \"$LOCK_HITS\" | sed 's/^/ /'\nelse\n ok \"no compromised package versions found in lockfiles\"\nfi\n\n# ---------- 8. malicious optionalDependencies / commit hash ----------\nsection \"8. package.json with attacker optionalDependencies or commit hash\"\nOPT_HITS=\"\"\nwhile IFS= read -r pj; do\n if grep -F -e \"$BAD_COMMIT\" -e \"$BAD_COMMIT_FORK\" -e '@tanstack/setup' -e 'github:tanstack/router#79ac49ee' -e 'zblgg/configuration' \"$pj\" >/dev/null 2>&1; then\n OPT_HITS=\"${OPT_HITS}${pj}\"$'\\n'\n fi\ndone < <(find \"$HOME\" \\\n \\( -name .Trash -o -name Library \\) -prune \\\n -o -type f -name 'package.json' -print 2>/dev/null)\nif [ -n \"$OPT_HITS\" ]; then\n bad \"package.json references attacker commit / @tanstack/setup\"\n printf '%s' \"$OPT_HITS\" | sed 's/^/ /'\nelse\n ok \"no package.json references attacker commit\"\nfi\n\n# ---------- 9. running processes ----------\nsection \"9. Running processes\"\nPROC_HITS=$(ps -Aewwo pid,user,command 2>/dev/null \\\n | grep -Ei 'gh-token-monitor|router_init|router_runtime|tanstack_runner|vite_setup|\\.claude/setup\\.mjs|\\.vscode/setup\\.mjs|transformers\\.pyz|MISTRAL_INIT=1' \\\n | grep -v grep)\nif [ -n \"$PROC_HITS\" ]; then\n bad \"suspicious process(es) running\"\n printf '%s\\n' \"$PROC_HITS\" | sed 's/^/ /'\nelse\n ok \"no suspicious processes running\"\nfi\n\n# ---------- 10. LaunchAgents/Daemons (macOS) ----------\nif [ \"$(uname)\" = \"Darwin\" ]; then\n section \"10. macOS LaunchAgents/Daemons referencing malware\"\n LA_HITS=$(find \\\n \"$HOME/Library/LaunchAgents\" \\\n \"/Library/LaunchAgents\" \\\n \"/Library/LaunchDaemons\" \\\n -type f -name '*.plist' 2>/dev/null \\\n | xargs grep -lEi \"gh-token-monitor|router_init|router_runtime|tanstack_runner|vite_setup|$BAD_HOSTS\" 2>/dev/null)\n if [ -n \"$LA_HITS\" ]; then\n bad \"LaunchAgent/Daemon references malware\"\n printf '%s\\n' \"$LA_HITS\" | sed 's/^/ /'\n else\n ok \"no LaunchAgent/Daemon references malware\"\n fi\nfi\n\n# ---------- 11. shell rc + cron ----------\nsection \"11. Shell startup files + crontab\"\nRC_FILES=(\"$HOME/.bashrc\" \"$HOME/.bash_profile\" \"$HOME/.zshrc\" \"$HOME/.zprofile\" \"$HOME/.profile\")\nRC_HITS=\"\"\nfor rc in \"${RC_FILES[@]}\"; do\n [ -f \"$rc\" ] || continue\n if grep -Ei \"gh-token-monitor|router_init|router_runtime|tanstack_runner|vite_setup|setup\\.mjs|$BAD_HOSTS|MISTRAL_INIT\" \"$rc\" >/dev/null 2>&1; then\n RC_HITS=\"${RC_HITS}${rc}\"$'\\n'\n fi\ndone\nif [ -n \"$RC_HITS\" ]; then\n bad \"shell startup file modified\"\n printf '%s' \"$RC_HITS\" | sed 's/^/ /'\nelse\n ok \"shell startup files clean\"\nfi\nCRON_OUT=$(crontab -l 2>/dev/null | grep -Ei \"gh-token-monitor|router_init|router_runtime|vite_setup|setup\\.mjs|transformers\\.pyz|$BAD_HOSTS\")\nif [ -n \"$CRON_OUT\" ]; then\n bad \"crontab contains malware reference\"\n printf '%s\\n' \"$CRON_OUT\" | sed 's/^/ /'\nelse\n ok \"crontab clean\"\nfi\n\n# ---------- 12. C2 hosts in /etc/hosts ----------\nsection \"12. C2 domains in /etc/hosts\"\nHOSTS_HITS=$(grep -Ei \"$BAD_HOSTS\" /etc/hosts 2>/dev/null)\nif [ -n \"$HOSTS_HITS\" ]; then\n bad \"/etc/hosts mentions C2 domain\"\n printf '%s\\n' \"$HOSTS_HITS\" | sed 's/^/ /'\nelse\n ok \"/etc/hosts does not mention known C2 domains\"\nfi\n\n# ---------- 13. git commits attributed to claude@users.noreply ----------\n# Only spot-check repos under common dev dirs; full-disk scan would be too slow.\nsection \"13. Recent git commits as claude@users.noreply.github.com\"\nnote \"looks across ~/Developer ~/Projects ~/Code ~/src ~/repos for repos with such commits\"\nnote \"Socket.dev: attacker forged commits under this identity\"\nGIT_HITS=\"\"\nfor base in \"$HOME/Developer\" \"$HOME/Projects\" \"$HOME/Code\" \"$HOME/src\" \"$HOME/repos\" \"$HOME/work\"; do\n [ -d \"$base\" ] || continue\n while IFS= read -r gd; do\n repo=\"${gd%/.git}\"\n out=$(git -C \"$repo\" log --all --since='2026-04-01' --author='claude@users.noreply.github.com' --pretty='%h %ad %s' --date=short 2>/dev/null | head -n 5)\n if [ -n \"$out\" ]; then\n GIT_HITS=\"${GIT_HITS}${repo}:\"$'\\n'\"${out}\"$'\\n\\n'\n fi\n done < <(find \"$base\" -maxdepth 4 -type d -name .git 2>/dev/null)\ndone\nif [ -n \"$GIT_HITS\" ]; then\n bad \"commits authored as claude@users.noreply.github.com (verify each was made by the legit Claude Code App)\"\n printf '%s' \"$GIT_HITS\" | sed 's/^/ /'\nelse\n ok \"no recent commits by claude@users.noreply.github.com in scanned repos\"\nfi\n\n# ---------- 14. git remotes pointing at attacker fork ----------\nsection \"14. Git remotes referencing attacker fork or commits\"\nREMOTE_HITS=\"\"\nfor base in \"$HOME/Developer\" \"$HOME/Projects\" \"$HOME/Code\" \"$HOME/src\" \"$HOME/repos\" \"$HOME/work\"; do\n [ -d \"$base\" ] || continue\n while IFS= read -r gd; do\n repo=\"${gd%/.git}\"\n rem=$(git -C \"$repo\" remote -v 2>/dev/null | grep -Ei \"$BAD_GH_USERS\")\n if [ -n \"$rem\" ]; then\n REMOTE_HITS=\"${REMOTE_HITS}${repo}:\"$'\\n'\"${rem}\"$'\\n\\n'\n fi\n # also check if the attacker commits are reachable in any local clone\n for c in \"$BAD_COMMIT\" \"$BAD_COMMIT_FORK\"; do\n if git -C \"$repo\" cat-file -e \"$c^{commit}\" 2>/dev/null; then\n REMOTE_HITS=\"${REMOTE_HITS}${repo}: contains attacker commit $c\"$'\\n\\n'\n fi\n done\n done < <(find \"$base\" -maxdepth 4 -type d -name .git 2>/dev/null)\ndone\nif [ -n \"$REMOTE_HITS\" ]; then\n bad \"git remote/commit references attacker account or commit\"\n printf '%s' \"$REMOTE_HITS\" | sed 's/^/ /'\nelse\n ok \"no git remotes/commits reference attacker accounts\"\nfi\n\n# ---------- summary ----------\nprintf '\\n%s\u2550\u2550\u2550\u2550 Result \u2550\u2550\u2550\u2550%s\\n' \"$BLD\" \"$RST\"\nif [ \"$HITS\" -eq 0 ]; then\n cat <\"\n\nReferences:\n - https://openai.com/index/our-response-to-the-tanstack-npm-supply-chain-attack/\n - https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack\n - https://tanstack.com/blog/npm-supply-chain-compromise-postmortem\n - https://docs.mistral.ai/resources/security-advisories\n - GitHub Security Advisory: GHSA-g7cv-rxg3-hmpx (TanStack)\n - GitHub Security Advisory: GHSA-jgg6-4rpr-wfh7 (Mistral npm)\n - GitHub Security Advisory: GHSA-wx9m-wx4f-4cmg (Mistral PyPI)\n\nverdict: SUSPECT\nEOF\nfi\n\nexit 0", "creation_timestamp": "2026-05-15T08:34:35.000000Z"}, {"uuid": "20f593d0-ecdf-4b36-88f4-513c7d935311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-JGG6-4RPR-WFH7", "type": "seen", "source": "https://gist.github.com/alon710/2086198312b306686e313c1e5c4a662e", "content": "# GHSA-JGG6-4RPR-WFH7: GHSA-JGG6-4RPR-WFH7: Mistral AI SDK Supply Chain Compromise via Mini Shai-Hulud Worm\n\n> **CVSS Score:** 9.8\n> **Published:** 2026-05-18\n> **Full Report:** https://cvereports.com/reports/GHSA-JGG6-4RPR-WFH7\n\n## Summary\nA significant supply chain compromise affected official Mistral AI software development kits (SDKs) on both NPM and PyPI ecosystems. The incident involved an automated worm known as 'Mini Shai-Hulud' that leveraged stolen maintainer credentials to publish malicious packages containing secondary dropper payloads.\n\n## TL;DR\nMistral AI's official NPM and PyPI packages were compromised by the Mini Shai-Hulud worm via a developer's stolen session tokens. Malicious package versions containing secondary dropper scripts were published, requiring immediate dependency auditing and secret rotation.\n\n## Exploit Status: WEAPONIZED\n\n## Technical Details\n\n- **Attack Vector**: Supply Chain Compromise\n- **CWE ID**: CWE-506\n- **Impact**: Credential Theft / Arbitrary Code Execution\n- **Vulnerable Packages**: @mistralai/* (NPM), mistralai (PyPI)\n- **Threat Actor / Malware**: Mini Shai-Hulud Worm\n- **Primary Target**: Developer Environments\n\n## Affected Systems\n\n- Developer Workstations\n- CI/CD Pipelines\n- Automated Build Systems\n- **@mistralai/mistralai**: Versions published ~May 12, 2025 (Fixed in: `Latest post-May 12 versions`)\n- **@mistralai/mistralai-azure**: Versions published ~May 12, 2025 (Fixed in: `Latest post-May 12 versions`)\n- **@mistralai/mistralai-gcp**: Versions published ~May 12, 2025 (Fixed in: `Latest post-May 12 versions`)\n- **mistralai (PyPI)**: == 2.4.6 (Fixed in: `Latest post-May 12 versions`)\n\n## Mitigation\n\n- Dependency Auditing\n- Credential Rotation\n- Package Cache Purging\n- Behavioral Detection\n\n**Remediation Steps:**\n1. Audit package.json and requirements.txt for affected package versions.\n2. Remove malicious package versions from the environment.\n3. Execute 'npm cache clean --force' and clear pip caches.\n4. Update to the latest clean versions of the Mistral SDKs.\n5. Rotate all credentials, API keys, and SSO tokens present on affected systems, prioritizing MISTRAL_API_KEY.\n\n## References\n\n- [GHSA-JGG6-4RPR-WFH7 Advisory](https://github.com/advisories/GHSA-JGG6-4RPR-WFH7)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-JGG6-4RPR-WFH7) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-18T19:10:51.000000Z"}]}