15 matches found
Amazon tough 路径遍历漏洞
Amazon Tough is a Rust client library from Amazon, a subsidiary of The Update Framework TUF. Versions prior to tough-v0.22.0 contained a path traversal vulnerability. This vulnerability stemmed from incomplete path traversal fixes, which could allow remote authenticated users to write to files...
EUVD-2022-6950
Malicious code in bioql PyPI...
EUVD-2022-7215
Malicious code in bioql PyPI...
Amazon tough 安全漏洞
Amazon tough is a Rust client library for The Update Framework TUF repository from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from a lack of validation of terminating delegates, which could result in a client fetching a target from the wro...
Amazon tough 安全漏洞
Amazon tough is a Rust client library for The Update Framework TUF repository from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from the client failing to detect a rollback of a delegated target during a target rollback, which could cause th...
Amazon tough 安全漏洞
Amazon tough is a Rust client library for The Update Framework TUF repository from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from a lack of validation of the version number of the root metadata, which could result in a client obtaining th...
matrix-rust-sdk 安全漏洞
matrix-rust-sdk is a Matrix open source implementation of the Matrix client-server library in Rust. A security vulnerability exists in matrix-rust-sdk prior to version 0.8.0, which stems from the lack of a dedicated mechanism to notify a user of a change in cryptographic identity from verified to...
NATS TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. A fix for the nats crate hasn't been released yet. Since the nats crate is going to be deprecated anyway, consider switching to async-nats = 0.29 which already fixed this vulnerability. The common name of the server's TLS...
GHSA-WVC4-J7G5-4F79 NATS TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. A fix for the nats crate hasn't been released yet. Since the nats crate is going to be deprecated anyway, consider switching to async-nats = 0.29 which already fixed this vulnerability. The common name of the server's TLS...
GHSA-F5V5-CCQC-6W36 async-nats vulnerable to TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...
async-nats vulnerable to TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...
RUSTSEC-2023-0027 TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...
RUSTSEC-2023-0029 TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...
TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...
TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...