abacuz (=0.1.1), almel (>=1.2.0 <=1.3.0) +531 more potentially affected by CVE-2023-22742 via libgit2-sys (>=0.10.0 <=0.13.2+1.4.2)
libgit2-sys CARGO version =0.10.0, =1.2.0, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2023-22742 Source advisory: OSV:RUSTSEC-2023-0003...
git2 does not verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned...
CVE-2023-22499
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting the prompt to suggest that the program is waiting on user confirmation for an unrelated action. A malicious program could clear the...
Code injection
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting the prompt to suggest that the program is waiting on user confirmation for an unrelated action. A malicious program could clear the...
CVE-2023-22499 Interactive permission prompt spoofing in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting the prompt to suggest that the program is waiting on user confirmation for an unrelated action. A malicious program could clear the...
CVE-2023-22499
CVE-2023-22499 (Deno) describes a race-condition vulnerability where multi-threaded code could spoof the interactive permission prompt by rewriting the prompt, potentially clearing the terminal and displaying a generic message. Affected component: Deno runtime (JavaScript/TypeScript, built with R...
The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.
...
Google to support the use of Rust in Chromium
In a blog by the Chrome security team we learned that the Chromium project is going to support the use of third-party Rust libraries from C++ in Chromium. This is good news because Rust is a so-called memory-safe programming language. So using it in a widespread program like Chrome and the other...
GuiNistRs (=0.1.0), ablavema (=0.4.2) +330 more potentially affected by CVE-2022-45299 via webbrowser (>=0.1.3 <=0.8.15)
webbrowser CARGO version =0.1.3, =0.0.6, =0.0.7-alpha.3, =0.0.7-alpha.2, =0.0.7-alpha.1, =0.0.7-alpha.1, =0.1.0, =0.1.0, =1.0.9, =0.1.0, =0.1.2 - antigravity =0.0.5 and more Source cves: CVE-2022-45299 Source advisory: OSV:GHSA-M589-MV4Q-P7RJ...
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...
CVE-2022-45299
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...
Design/Logic Flaw
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...
UBUNTU-CVE-2022-45299
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...
[SECURITY] Fedora 37 Update: rust-1.66.1-1.fc37
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
webbrowser path traversal vulnerability
webbrowser is a Rust library by the individual developer Amod Malviya for opening URLs in web browsers available on the platform. A security vulnerability exists in rust-lang webbrowser-rs version v0.8.2, which stems from its IpFile parameter that allows an attacker to access arbitrary files via ...