2 matches found
MiracleLinux 9 : rust-1.66.1-2.el9 (AXSA:2023-6341:10)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6341:10 advisory. rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 Tenable has extracted the preceding description block directly from...
ALPINE-CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...