Cargo · crates.io
forjar
Webhook Exfil Endpoint: matched "hooks.slack.com/services/"
Why PkgRadar flagged 1.6.2
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "hooks.slack.com/services/" · forjar-1.6.2/src/core/store/tests_falsify_spec_c.rs |
| high | Webhook Exfil Endpoint | matched "hooks.slack.com/services/" · forjar-1.6.2/src/core/store/tests_secret_scan.rs |
| medium | Remote Payload | matched "github.com/{}/releases/download" · forjar-1.6.2/src/cli/dist_checksums.rs |
| medium | Remote Payload | matched "github.com/${{REPO}}/releases/download" · forjar-1.6.2/src/cli/dist_generators.rs |
| medium | Remote Payload | matched "github.com/{}/releases/download" · forjar-1.6.2/src/cli/dist_generators_b.rs |
| medium | Remote Payload | matched "github.com/{}/releases/download" · forjar-1.6.2/src/cli/dist_homebrew.rs |
| medium | Remote Payload | matched "curl " · forjar-1.6.2/src/cli/lint.rs |
| medium | Remote Payload | matched "curl " · forjar-1.6.2/src/cli/tests_agent_registry.rs |
| medium | Remote Payload | matched "curl " · forjar-1.6.2/src/cli/tests_agent_registry_cov.rs |
| medium | Remote Payload | matched "curl\n" · forjar-1.6.2/src/cli/tests_cbom.rs |
| medium | Remote Payload | matched "curl\n " · forjar-1.6.2/src/cli/tests_cov_remaining_10_b.rs |
| medium | Remote Payload | matched "github.com/acme/tool/releases/download" · forjar-1.6.2/src/cli/tests_dist_verify_tier2.rs |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.6.2 | High risk | 225 | 2026-06-13 |
1.6.1 | High risk | 225 | 2026-06-13 |
Block this in CI
pkgradar gate --ecosystem cargo [email protected]