PT-2026-26649 · Crates.Io · Chrono Anchor
Publicado
2026-03-10
·
Atualizado
2026-03-10
Nenhuma
Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
The
chrono anchor crate attempted to exfiltrate .env files to a server that
was in turn impersonating the legitimate timeapi.io service.The malicious crate had 1 version published on 2026-03-04 approximately 6 days
before removal and had no evidence of actual downloads. There were no crates
depending on this crate on crates.io.
Thanks to Socket for reporting this crate. They have published
a blog post about this recent campaign, and we advise users of
timeapi.io to exercise caution when using crates to interact with that
service. Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Chrono Anchor