The Windows implementation of this crate relied on the behavior of
std::char::from_u32_unchecked
when its safety clause is violated.
Even though this worked with Rust versions up to 1.42 (at least),
that behavior could change with any new Rust version, possibly leading
a security issue.
The flaw was corrected in version 2.0.0.
CPE | Name | Operator | Version |
---|---|---|---|
os_str_bytes | lt | 2.0.0 |