Rust Supply Chain Attacks

[schirrmacher]

Why is this not covered here?

https://securityonline.info/stealth-supply-chain-attack-malicious-rust-crate-used-unpinned-dependency-for-silent-payload-upgrades/

[kam193]

I think... Someone has to contribute the report 😱 There is already support for crates.io, but it seems there is still noone who contribute reports about this ecosystem - https://github.com/ossf/malicious-packages/tree/main/osv/malicious/crates.io

It would be a nice thing if researching teams were contributing a report here each time they make a blogpost, even if they don't do it on the regular basis