2 matches found
Amazon Linux 2023 : cargo-c (ALAS2023-2026-1872)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1872 advisory. gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled...
CVE-2026-5222
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...