Lucene search
+L

7 matches found

SUSE CVE
SUSE CVE
added 2026/05/27 10:59 a.m.14 views

SUSE CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References3
NVD
NVD
added 2026/05/25 10:16 a.m.17 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS0.00294EPSS
Exploits0References3
OSV
OSV
added 2026/05/25 10:16 a.m.8 views

ALPINE-CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

5.3CVSS5.9AI score0.00294EPSS
Exploits0References1
OSV
OSV
added 2026/05/25 10:16 a.m.8 views

DEBIAN-CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

5.3CVSS5.9AI score0.00294EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/25 8:57 a.m.20 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.00294EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/25 8:57 a.m.43 views

CVE-2026-5223 Crates in third party registries can override the cached source of other crates

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS0.00294EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/06/04 12:29 p.m.4 views

SUSE CVE-2023-40030

Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...

6.1CVSS7AI score0.00846EPSS
Exploits0References6
Rows per page
Query Builder