9527 matches found
CVE-2023-40030
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...
AZL-28511 CVE-2023-40030 affecting package rust for versions less than 1.72.0-2
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...
CVE-2023-40030
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...
Cross site scripting
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...
CVE-2023-40030
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...
CVE-2023-40030
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...
CVE-2023-40030
Summary (CVE-2023-40030): Cargo could include unescaped Cargo feature names in the timings report, enabling potential cross-site scripting if the report is uploaded to a site that uses credentials. This affects builds using dependencies from git/local paths/alternative registries; crates.io-only ...
CVE-2023-40030 Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...
CVE-2023-40030 Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...
CVE-2023-40030 Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...
GHSA-WRRJ-H57R-VX9P Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
The Rust Security Response WG was notified that Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to XSS if the report is subsequent...
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
The Rust Security Response WG was notified that Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to XSS if the report is subsequent...
RLSA-2023:4634 Important: rust security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497). For more details about the security issues, including t...
rust security update
An update is available for rust. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust Toolset provides the Rust programming language compiler rustc, the cargo...
RLSA-2023:4635 Important: rust-toolset:rhel8 security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497). For more details about the security issues, including t...
rust-toolset:rhel8 security update
An update is available for module.rust, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust Toolset provides the Rust programming language compiler rustc,...
Rust cross-site scripting vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in Rust versions prior to 1.60.0 through 1.72, which stems from a cross-site scripting XSS vulnerability due to not properly escaping the Cargo feature name...
Rocky Linux 9 : rust (RLSA-2023:4634)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4634 advisory. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...
OpenDataSH_twitter_notifier (>=0.1.0 <=0.1.2), a2 (>=0.2.0 <=0.6.2) +3004 more potentially affected by CVE-2018-16875 via webpki (>=0.18.1 <=0.21.4)
webpki CARGO version =0.18.1, =0.1.0, =0.2.0, =0.1.0, =0.2.0-beta.4, =0.1.1, =0.0.1, =0.0.7-alpha.3, =0.0.7-alpha.2, =0.0.7-alpha.1, =0.0.7-alpha.3, =1.0.0, =0.1.0, =0.8.0, =0.1.0, =0.2.2, =2.0.0-alpha.4 and more Source cves: CVE-2018-16875 Source advisory: OSV:RUSTSEC-2023-0052...
[SECURITY] Fedora 37 Update: rust-1.71.1-1.fc37
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...