9527 matches found
Potential stack use-after-free in `Instrumented::into_inner`
The implementation of the `Instrumented::into_inner` method in affected versions of this crate contains undefined behavior due to incorrect use of `std::mem::forget`. The function creates `*const` pointers to `self`, calls `mem::forget(self)`, and then moves values out of those pointers using...
CVE-2023-45812
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a multi-part response is...
CVE-2023-45812 Improper Check or Handling of Exceptional Conditions in apollo-router
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a multi-part response is...
CVE-2023-45812 Improper Check or Handling of Exceptional Conditions in apollo-router
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a multi-part response is...
CVE-2023-45812
CVE-2023-45812 affects Apollo Router (Rust). A DoS can occur when handling multi-part responses if the client uses queries with `@defer` or Subscriptions and the router is configured with a coprocessor at the `coprocessor.supergraph.response` level in `router.yaml`. The vulnerability can cause the router to p...
CVE-2023-45812 Improper Check or Handling of Exceptional Conditions in apollo-router
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a multi-part response is...
AZL-35242 CVE-2023-45853 affecting package rust for versions less than 1.75.0-1
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in `zipOpenNewFileInZip4_64` via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-61279 CVE-2023-45853 affecting package rust for versions less than 1.85.0-1
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in `zipOpenNewFileInZip4_64` via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-31496 CVE-2023-45853 affecting package rust for versions less than 1.72.0-5
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in `zipOpenNewFileInZip4_64` via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
amadeus (>=0.3.5 <=0.4.3), amadeus-parquet (>=0.3.5 <=0.4.3) +103 more potentially affected by unknown CVE via fehler (=1.0.0)
fehler CARGO version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on fehler and may be impacted: - amadeus =0.3.5, =0.3.5, =0.9.0, =0.9.0, =1.0.0, =0.0.2, =0.7.0, =0.5.0, =0.1.0, =0.2.0, =0.1.0, =0.2.0, =0.3.2 and more Source cves: unknown CVE...
CVE-2023-27538 affecting package rust for versions less than 1.72.0-2
CVE-2023-27538 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...
CVE-2023-23915 affecting package rust for versions less than 1.72.0-2
CVE-2023-23915 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...
CVE-2023-29942 affecting package rust for versions less than 1.72.0-1
CVE-2023-29942 affecting package rust for versions less than 1.72.0-1. A patched version of the package is available...
CVE-2023-29932 affecting package rust for versions less than 1.72.0-2
CVE-2023-29932 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...
CVE-2023-27534 affecting package rust for versions less than 1.72.0-2
CVE-2023-27534 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...
CVE-2023-0286 affecting package rust for versions less than 1.72.0-2
CVE-2023-0286 affecting package rust for versions less than 1.72.0-2. This CVE either no longer is or was never applicable...
CVE-2023-23916 affecting package rust for versions less than 1.72.0-2
CVE-2023-23916 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...
CVE-2022-43552 affecting package rust for versions less than 1.72.0-2
CVE-2022-43552 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...
CVE-2023-22466 affecting package rust for versions less than 1.72.0-2
CVE-2023-22466 affecting package rust for versions less than 1.72.0-2. This CVE either no longer is or was never applicable...
CVE-2023-28321 affecting package rust for versions less than 1.72.0-2
CVE-2023-28321 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...