9526 matches found
CVE-2021-29922
The CVE-2021-29922 issue affects Rust's standard library, specifically library/std/src/net/parser.rs, where extraneous zero characters at the beginning of an IP address string can lead to octal interpretation and bypasses of IP-based access controls. The vulnerability is present in Rust before 1....
CVE-2021-29922
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation...
Rust security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Rust suffers from a security vulnerability that allows an attacker to bypass IP address-based access control due to an unexpected octal interpretation...
CVE-2021-32810
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...
Race condition
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...
CVE-2021-32810
CVE-2021-32810 concerns crossbeam-deque, a Rust crate used for work-stealing deques in task schedulers. A race condition in versions prior to 0.7.4 and 0.8.0 can cause one or more tasks in a worker queue to be popped twice, with potentially forgotten tasks, leading to a double-free and memory lea...
CVE-2021-32810 Data race in crossbeam-deque
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...
CVE-2021-20332
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...
Design/Logic Flaw
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...
CVE-2021-20332 MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...
CVE-2021-20332
CVE-2021-20332 affects the MongoDB Rust Driver. The vulnerability arises because certain driver versions may emit monitoring events during pool creation that include credentials used to authenticate connections. If a user’s logging infrastructure ingests these events, credentials could be leaked....
Crossbeam race condition vulnerability
Crossbeam is a tool for individual developers that applies to concurrent programming. A security vulnerability exists in crossbeam-deque, which is used to build task schedulers when programming in Rust...
PT-2021-13891 · Mongodb · Mongodb Rust Driver
Name of the Vulnerable Software and Affected Versions: MongoDB Rust Driver versions 1.0.0 through 1.2.1; MongoDB Rust Driver version 2.0.0-alpha; MongoDB Rust Driver version 2.0.0-alpha1. Description: The issue affects the MongoDB Rust Driver, where specific versions can include credentials used by...
MongoDB information disclosure vulnerability
MongoDB is a document-oriented database management system from the U.S.-based MongoDB, Inc. An information disclosure vulnerability exists in the MongoDB Rust Driver that stems from the fact that specific MongoDB Rust Driver versions can contain credentials used by connection pools to validate...
MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...
ckb-analyzer (>=0.37.0 <=0.39.2), ckb-app-config (>=0.37.0 <=0.100.0-rc2) +60 more potentially affected by CVE-2021-45697 via molecule (>=0.2.5 <=0.7.1)
molecule CARGO version =0.2.5, =0.37.0, =0.37.0, =0.4.0, =0.37.0, =0.37.0, =0.37.0, =0.40.0, =0.40.0, =0.37.0, =0.37.0, =0.37.0, =0.37.0, =0.1.0, =0.37.0, =0.39.1 and more Source cves: CVE-2021-45697 Source advisory: OSV:RUSTSEC-2021-0103...