- Reported
-
- Issued
-
- Package
-
pretty-changelog-logger
- Type
-
Vulnerability
- Categories
-
- Patched
-
no patched versions
Description
pretty-changelog-logger contains a build script (build.rs) that acts as a loader/dropper for malicious payloads.
The malicious crate had 3 versions published on 2026-04-08 that had a total of 2239 downloads. There were no crates depending on this crate on crates.io.
Thanks to Socket.dev for detecting and reporting this to the crates.io team!
Advisory available under CC0-1.0
license.