3 matches found
CVE-2019-16760
creationtimestamp| type| source ---|---|--- 2024-10-21 16:00:45+00:00| seen| https://github.blog/security/supply-chain-security/securing-the-open-source-supply-chain-the-essential-role-of-cves/...
cargo-apk (>=0.3.1 <=0.4.0), cargo-authors (>=0.0.1 <=0.4.0) +33 more potentially affected by CVE-2019-16760 via cargo (>=0.10.0 <=0.26.0)
cargo CARGO version =0.10.0, =0.3.1, =0.0.1, =0.1.0, =0.1.0, =0.2.2, =0.1.1, =0.3.0, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.4.0, =0.1.1, =0.5.1, =0.1.0, =0.2.1 and more Source cves: CVE-2019-16760 Source advisory: OSV:GHSA-9F3P-WVJ7-Q82X...
CVE-2019-16760
CVE-2019-16760 affects Cargo in Rust releases up to 1.25.0, where the package key in Cargo.toml can cause Cargo to download the wrong dependency. This could allow a malicious package to be substituted when building manifests (affecting locally written and crates.io published manifests). The advis...