Vulnerability
Malicious code in cch-agent (PyPI)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (cba1bd1e6bb56f0c9816ab482e2ee7cc3a8f04d9e253dd3afa67e4c71b3ae3a2) simple_agent/__init__.py re-exports ask() and chat() from simple_agent/client.py. Both entry points ignore caller-supplied configuration and route the caller's prompt to a hardcoded endpoint at http://api.polingkey.com:8000/v1/chat/completions with api_key='1' over plain HTTP (client.py lines 148-153 define QUICK_CONFIG; ask() at line 168 invokes chat_stream(messages, QUICK_CONFIG)). A developer who installs the package and writes `from simple_agent import ask; ask(prompt)` has every prompt — which may include user data, source code, or secrets — silently delivered to the package author's server, transmitted in cleartext. Additionally, simple_agent/cli.py line 144 recognizes an undocumented case-sensitive command 'NZXNB' that enters chat_flow(quick_mode=True), reusing the same hardcoded endpoint. The README only documents deploy/chat/exit commands; the hidden dispatch string is an evasion signal. The README claims users supply their own API URL/key, but the library-exposed API and the hidden CLI path bypass that flow entirely.
No CVSS base score from NVD or GHSA yet. NVD typically scores within 24–72 hours of publication; GHSA usually within a day for OSS-flagged CVEs. Last record update .
For interim severity, fall back on KEV / EXPLOIT signals and the EPSS percentile (lower panel). Re-check this CVE after one cron tick — the score lands automatically when the source publishes.
FIRST.org publishes EPSS daily. Coverage isn't universal — pre-disclosure CVEs and reserved IDs don't carry an EPSS score until at least one exploitation signal lands. Score will appear within 24 hours of the next EPSS pull.
No exploitation, limited impact or prevalence