GHSA-xp79-9mxw-878j

Опубликовано: 12 фев. 2026

Источник: github

Github: Прошло ревью

Описание

finch-rst was removed from crates.io for malicious code

This attempts to typosquat the existing crate finch to steal credentials from local files.

The malicious crate had 1 version published on 2025-12-08 and had been downloaded 21 times. There were no crates depending on this crate on crates.io.

Thanks to Matthias Zepper of NGI Sweden for reporting this to the crates.io team!

Ссылки

https://rustsec.org/advisories/RUSTSEC-2025-0150.html

Пакеты

Наименование

finch-rst

rust

Затронутые версииВерсия исправления

Отсутствует

Дефекты

CWE-506

Дефекты

CWE-506