- Reported
- Issued
- Package: tracing-ethers (crates.io)
- Type: Vulnerability
- Patched: no patched versions
Description
The tracing-ethers crate attempted to exfiltrate SSH keys to an app hosted on vercel.app.
The malicious crate had 9 versions published on 2026-03-09, approximately 5 days
before removal, and had no evidence of actual downloads. There were no crates
depending on this crate on crates.io.
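A defender-side check for the crate named in this advisory, as an added example that is not code from RustSec or crates.io: it parses `Cargo.lock` text and reports whether `tracing-ethers` is locked and which packages pull it in. The function and struct names are made up for this example, the embedded lockfile and its version strings are constructed, and a lockfile path can be passed as the first argument.

```rust
// Added example: look for a crate by name in Cargo.lock text (std only).
// SAMPLE is constructed; its version strings are placeholders, not from the advisory.
const SAMPLE: &str = r#"
[[package]]
name = "app"
version = "0.1.0"
dependencies = [
 "tracing-ethers",
]
[[package]]
name = "tracing-ethers"
version = "0.0.0-example"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;
#[derive(Debug, Default, PartialEq)]
pub struct Report {
    pub locked: Vec<(String, String)>, // (version, source) of each matching package
    pub required_by: Vec<String>,      // packages listing it under `dependencies`
}

// Value of a `key = "value"` line, or None if the line is for another key.
fn quoted<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

pub fn find_crate(lock: &str, target: &str) -> Report {
    let mut report = Report::default();
    for block in lock.split("[[package]]").skip(1) {
        let (mut name, mut version, mut source, mut in_deps) = ("", "", "", false);
        for line in block.lines().map(str::trim) {
            if in_deps {
                // Entries are "name", "name version" or "name version (source)".
                let dep = line.trim_matches(|c: char| c == '"' || c == ',');
                if dep.split_whitespace().next() == Some(target) { report.required_by.push(name.into()); }
                in_deps = !line.starts_with(']');
            } else if let Some(v) = quoted(line, "name") { name = v; }
            else if let Some(v) = quoted(line, "version") { version = v; }
            else if let Some(v) = quoted(line, "source") { source = v; }
            else if line.starts_with("dependencies") { in_deps = true; }
        }
        if name == target { report.locked.push((version.into(), source.into())); }
    }
    report
}
fn main() {
    let text = std::env::args().nth(1).map(|p| std::fs::read_to_string(p).expect("read lockfile"));
    println!("{:#?}", find_crate(text.as_deref().unwrap_or(SAMPLE), "tracing-ethers"));
}
```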
Thanks to the user killa for reporting this malicious crate.
Advisory available under CC0-1.0 license.