—

RUSTSEC-2026-0175

`onering` 1.4.1 was removed from crates.io for malicious code

상세

A new version of the `onering` crate was published with code that attempted to exfiltrate both metadata and code from the project it was included within.

One malicious version was published on 2026-06-10, approximately six hours before removal. This crate has no dependencies on crates.io, and there is no evidence of actual usage of the compromised version.

Thanks to Charlie Eriksen for the report.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

crates.io / onering

최초 영향 버전: 1.4.1 수정 버전: 1.4.2-0

Upgrade onering to 1.4.2-0 or newer (ecosystem crates.io).

참고

https://crates.io/crates/onering [PACKAGE]
https://rustsec.org/advisories/RUSTSEC-2026-0175.html [ADVISORY]