5 matches found
cap-dir-ext (>=0.3.0 <=0.6.0), cap-fs-ext (>=0.7.0 <=0.26.1) +7 more potentially affected by CVE-2024-51756 via cap-async-std (>=0.10.0 <=0.9.0)
cap-async-std CARGO version =0.10.0, =0.3.0, =0.7.0, =0.1.0, =0.1.0, =0.2.0, =0.0.0, =0.5.3, =0.23.0 Source cves: CVE-2024-51756 Source advisory: OSV:GHSA-HXF5-99XG-86HW...
CVE-2024-51756 cap-std doesn't fully sandbox all the Windows device filenames
The cap-std project is organized around the eponymous cap-std crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on; however, i...
CVE-2024-51756
The cap-std project is organized around the eponymous cap-std crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on; however, i...
assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +93 more potentially affected by CVE-2024-51756 via cap-primitives (>=0.10.0 <=3.0.0)
cap-primitives CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.3.0, =0.1.0, =0.7.0, =1.0.11, =0.1.0, =0.1.1, =0.1.0, =0.3.0, =0.5.2, =0.1.1, =0.1.0, =0.1.0, =0.2.3 and more Source cves: CVE-2024-51756 Source advisory: OSV:RUSTSEC-2024-0445...
RUSTSEC-2024-0445 cap-primitives doesn't fully sandbox all the Windows device filenames
Impact: cap-primitives's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on; however, it did not block access to the special device filenames which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹", a...