Cargo · crates.io
zlayer-builder
Remote Payload: matched "curl\n"
Why PkgRadar flagged 0.12.4
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl\n" · zlayer-builder-0.12.4/src/dockerfile/parser.rs |
| medium | Remote Payload | matched "github.com/denoland/deno/releases/download" · zlayer-builder-0.12.4/src/macos_toolchain.rs |
| medium | Remote Payload | matched "curl " · zlayer-builder-0.12.4/src/windows_builder.rs |
| medium | Remote Payload | matched "curl " · zlayer-builder-0.12.4/src/windows_image_resolver.rs |
| medium | Remote Payload | matched "github.com/denoland/deno/releases/download" · zlayer-builder-0.12.4/src/windows_toolchain.rs |
| medium | Remote Payload | matched "curl " · zlayer-builder-0.12.4/src/zimage/converter.rs |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.12.4 | High risk | 72 | 2026-06-11 |
0.12.3 | High risk | 72 | 2026-06-10 |
0.12.2 | High risk | 84 | 2026-06-10 |
0.12.1 | High risk | 84 | 2026-06-10 |
Block this in CI
pkgradar gate --ecosystem cargo [email protected]