{"id":"RUSTSEC-2023-0110","summary":"`postgresderive` was removed from crates.io for malicious code","details":"This crate was part of a typosquatting malware cluster published by the\nmalicious user `amaperf` and contained a malware payload in `build.rs` to\nexfiltrate host information to the attacker.\n\nThis advisory is to retrospectively document this attempted attack. The version\ninformation and download records of the malicious crate are no longer\navailable. The related malicious crates have been yanked, and the malicious\naccount has been banned.\n\nThanks to Louis Lang at [Phylum] (now [Veracode]) for reporting this malware\ncampaign.\n\n[Phylum]: https://phylum.io/\n[Veracode]: https://www.veracode.com/","modified":"2026-03-26T06:30:30.725365Z","published":"2023-08-18T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/postgresderive"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0110.html"}],"affected":[{"package":{"name":"postgresderive","ecosystem":"crates.io","purl":"pkg:cargo/postgresderive"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"cvss":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0110.json","informational":null,"categories":["malicious"]}}],"schema_version":"1.7.5"}