Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.001
An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data...
CVSS: 4.7 | AI Score: 5.7 | EPSS: 0.0004
An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and...
CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.003
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by...
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.002
All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the...
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.005