- Reported
-
- Issued
-
- Package
-
tree-sitter-pkl
- Type
-
Vulnerability
- Categories
-
- Patched
-
no patched versions
Description
tree-sitter-pkl was part of a campaign that attempted to exfiltrate
environmental data from the host.
The malicious crate had 1 version published in March 2025, and had no evidence
of actual usage. This crate had no dependencies on crates.io.
Advisory available under CC0-1.0
license.