- Reported
-
- Issued
-
- Package
-
rands
- Type
-
Vulnerability
- Categories
-
- Patched
-
no patched versions
Description
This crate attempted to typosquat the rand crate, and would link in a malware
payload on macOS and Linux hosts when built.
This advisory is to retrospectively document this attempted attack. The version
information and download records of the malicious crate are no longer
available. The related malicious crates have been yanked, and the malicious
account has been banned.
Advisory available under CC0-1.0
license.