FIND-20260406-006 · 2026-04-06 · Innovation Veille

RUSTSEC-2026-0081 — logtrace Malicious Crate Removed from crates.io

cve LOW
The 'logtrace' crate was removed from crates.io for containing malicious code (RUSTSEC-2026-0081). This is a supply chain attack vector. ODS Rust services do not use 'logtrace'. No action required. Noted as part of ongoing supply chain monitoring. Run cargo audit in CI to catch such advisories automatically.

Source

https://rustsec.org/advisories/

ODS Impact

No direct impact — ODS does not use the logtrace crate. Reinforces the importance of running 'cargo audit' in CI pipelines for all ODS Rust services (billing-engine, docstore, pdf-engine, oid, etc.). Note: cargo-audit is not installed in the agent environment per lessons-learned; it should be added to GitHub Actions CI.

Security Review

License: N/A | Maintenance: ABANDONED | Risk: HIGH | Recommendation: DO_NOT_USE

Tags

rust cve supply-chain malicious-crate crates.io cargo-audit
Generated by ODS Innovation Veille · 2026-04-06T03:21:40+00:00