- Reported
-
- Issued
-
- Package
-
finch-rst
(crates.io)
- Type
-
Vulnerability
- Patched
-
no patched versions
Description
This attempts to typosquat the existing crate
finch to steal credentials from local
files.
The malicious crate had 1 version published on 2025-12-08 and had been
downloaded 21 times. There were no crates depending on this crate on crates.io.
Thanks to Matthias Zepper of NGI Sweden for
reporting this to the crates.io team!
Advisory available under CC0-1.0
license.