Forks of forks of forks, but which ones are patched? A vulnerability in the popular Rust crate async-tar has affected the fast uv Python package manager, which uses a forked version that's now patched but the most widely downloaded version remains unfixed.
Published: 2025-10-22T13:15:06