- Reported
-
- Issued
-
- Package
-
finch_cli_rust
(crates.io)
- Type
-
Vulnerability
- Patched
-
no patched versions
Description
This attempts to typosquat the existing crate
finch_cli to steal credentials from
local files.
The malicious crate had 1 version published on 2025-12-08 and had been
downloaded 18 times. There were no crates depending on this crate on crates.io.
Thanks to Matthias Zepper of NGI Sweden for
reporting this to the crates.io team!
Advisory available under CC0-1.0
license.