Lucene search

Arr Security Vulnerabilities

cve

CVE-2022-39224

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

7.8CVSS

7.8AI Score

0.001EPSS

2022-09-21 11:15 PM

cve

CVE-2020-35886

An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data...

4.7CVSS

5.7AI Score

0.0004EPSS

2020-12-31 10:15 AM

cve

CVE-2020-35887

An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and...

9.8CVSS

9.7AI Score

0.003EPSS

2020-12-31 10:15 AM

cve

CVE-2020-35888

An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by...

9.8CVSS

9.4AI Score

0.002EPSS

2020-12-31 10:15 AM

cve

CVE-2020-7713

All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the...

9.8CVSS

9.4AI Score

0.005EPSS

2020-09-01 09:15 AM