Amazon Linux 2023 : glycin-loaders (ALAS2023-2025-1193)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1193 advisory. tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence...

Fedora 43 : rustup (2025-597afa65a9)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-597afa65a9 advisory. Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160. Tenable has extracted the preceding description block directly from the Fedora security...

Amazon Linux 2023 : cargo-c (ALAS2023-2025-1180)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1180 advisory. tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence...

[SECURITY] Fedora 43 Update: rust-tracing-subscriber-0.3.20-1.fc43

Utilities for implementing and composing tracing subscribers...

Fedora 43 : tuigreet (2025-df23dd806a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-df23dd806a advisory. Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160. Tenable has extracted the preceding description block directly from the Fedora security...

Fedora 43 : rust-busd (2025-f4e467b889)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f4e467b889 advisory. Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160. Tenable has extracted the preceding description block directly from the Fedora security advisory...

Fedora 43 : ruff (2025-91981ea84d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-91981ea84d advisory. Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160. Tenable has extracted the preceding description block directly from the Fedora security...

[SECURITY] Fedora 42 Update: rust-tracing-subscriber-0.3.20-1.fc42

Utilities for implementing and composing tracing subscribers...

Fedora 41 : rust-matchers / rust-tracing-subscriber (2025-874b407d96)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-874b407d96 advisory. - Update the tracing-subscriber crate to version 0.3.20. - Update the matchers crate to version 0.2.0. This update also includes a fix for CVE-2025-58160...

SUSE CVE-2025-58160

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

AZL-73211 CVE-2025-58160 affecting package kata-containers 3.19.1.kata2-6

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVE-2025-58160

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

DEBIAN-CVE-2025-58160

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

AZL-73247 CVE-2025-58160 affecting package rust 1.72.0-14

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVE-2025-58160

CVE-2025-58160 affects Rust tracing-subscriber prior to 0.3.20. Untrusted input with ANSI escape sequences could be injected into terminal output, potentially allowing manipulation of terminal title bars, screen clearing, or display changes. The vulnerability is fixed in 0.3.20 by escaping ANSI c...

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

GHSA-XWFJ-JGWM-7WP5 Tracing logging user input may result in poisoning logs with ANSI escape sequences

Impact Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to: - Manipulate terminal title bars - Clear screens o...

SockJS Input Validation Error Vulnerability

SockJS is a browser JavaScript library . A security vulnerability exists in SockJS versions prior to 0.3.20, which stems from the program's failure to properly handle the Upgrade header. An attacker could exploit this vulnerability to cause the container hosting the sockjs application to crash...