9506 matches found
term-handler (=0.1.0) potentially affected by CVE-2020-36446 via signal-simple (=0.1.1)
signal-simple CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on signal-simple and may be impacted: term-handler =0.1.0. Source CVEs: CVE-2020-36446. Source advisory: OSV:RUSTSEC-2020-0126...
Send/Sync bound needed on T for Send/Sync impl of RcuCell<T>
Affected versions of this crate unconditionally implement Send/Sync for RcuCell<T>. This allows users to send T: !Send to other threads while T is enclosed within RcuCell<T>, and allows users to concurrently access T: !Sync by using the APIs of RcuCell<T> that provide access to &T. This can result in memory...
Remote code execution
Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and...
abstract-ns (=0.1.0), accumulator (=0.3.0) +112 more potentially affected by CVE-2020-35921 via miow (=0.1.5)
miow CARGO version =0.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on miow and may be impacted: - abstract-ns =0.1.0 - accumulator =0.3.0 - asio =0.1.0 - bipdht =0.1.0, =0.1.1, =0.1.0, =0.2.0, =0.1.0, =0.15.0, =0.1.1, =0.1.0, =0.6.0, =0.6.2 and mor...
CVE-2020-28247
The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs...
Design/Logic Flaw
The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs...
CVE-2020-28247
The CVE-2020-28247 entry concerns the lettre Rust crate (0.10.0-alpha and earlier), where the sendmail transport (transport/sendmail/mod.rs) is vulnerable to argument injection via forged "to" addresses. The flaw allows arbitrary options to be passed to the sendmail executable, which in some impleme...
HiddenBytes (=0.1.0), Rust-wasm (=0.1.0) +726 more potentially affected by CVE-2020-35916 via image (>=0.10.4 <=0.23.10)
image CARGO version =0.10.4, =0.1.0, =0.1.0, =0.0.3, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =0.3.0 and more Source cves: CVE-2020-35916 Source advisory: OSV:RUSTSEC-2020-0073...
RUSTSEC-2020-0073 Mutable reference with immutable provenance
A mutable reference to a struct was constructed by dereferencing a pointer obtained from slice::as_ptr. Instead, slice::as_mut_ptr should have been called on the mutable slice argument. The former performs an implicit reborrow as an immutable shared reference which does not allow writing through the...
abra (=0.0.1), abrute (>=0.1.7 <=0.1.9) +702 more potentially affected by CVE-2020-26235 via chrono (>=0.2.16 <=0.4.2)
chrono CARGO version =0.2.16, =0.1.7, =0.1.0, =0.1.0, =0.0.11, =0.7.0, =1.1.0, =0.3.0, =0.1.0, =0.1.0, =0.0.1, =0.1.1, =0.2.0 and more Source cves: CVE-2020-26235 Source advisory: OSV:RUSTSEC-2020-0159...
RUSTSEC-2020-0140 `Shared` can cause a data race
The Shared data structure in the model crate implements the Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...
efw (=0.1.0) potentially affected by CVE-2020-36209 via late-static (=0.3.0)
late-static CARGO version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on late-static and may be impacted: efw =0.1.0. Source CVEs: CVE-2020-36209. Source advisory: OSV:RUSTSEC-2020-0102...
AtomicBox<T> implements Send/Sync for any `T: Sized`
Affected versions of this crate implement Send/Sync for AtomicBox<T> without requiring T: Send/T: Sync. This allows creating data races on T: !Sync and sending T: !Send to another thread. Such behavior breaks the compile-time thread safety guarantees of Rust, and allows users to incur undefined...
RUSTSEC-2020-0096 TreeFocus lacks bounds on its Send and Sync traits
Affected versions of im contain TreeFocus, which unconditionally implements Send and Sync. This allows a data race in safe Rust code if TreeFocus is extracted from the Focus type. Typical users that only use the Focus type are not affected...
RUSTSEC-2020-0068 Unexpected panic in multihash `from_slice` parsing code
In versions prior to 0.11.3 it's possible to make from_slice panic by feeding it certain malformed input. It's never documented that from_slice, and from_bytes which wraps it, can panic, and its return type Result suggests otherwise. In practice, from_slice/from_bytes is frequently used in networking code...
AitSar (=0.1.1), AjusteOnuDeReferencia (=0.1.0) +28741 more potentially affected by CVE-2020-35910 +4 more via lock_api (>=0.1.5 <=0.4.14)
lock_api CARGO version =0.1.5, =0.1.0, =0.9.0, =0.0.1-preview.1, =0.1.0-beta.1, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2020-35910, CVE-2020-35911, CVE-2020-35912, CVE-2020-35913, CVE-2020-35914 Source advisory: OSV:RUSTSEC-2020-0070...