- Reported
-
- Issued
-
- Package
-
sha-rst
(crates.io)
- Type
-
Vulnerability
- Patched
-
no patched versions
Description
This crate was used as a dependency by finch_cli_rust and finch-rst and
contained a malware payload to exfiltrate credentials.
The malicious crate had 1 version published on 2025-12-08 and had been
downloaded 22 times. Other than the other crates above that were part of the
attack, no other crates depedended on this crate.
Thanks to Matthias Zepper of NGI Sweden for
reporting this to the crates.io team!
Advisory available under CC0-1.0
license.