EUVD-2022-0747

Malicious code in bioql PyPI...

actix-lua (=0.2.0), age (>=0.5.0 <=0.6.1) +99 more potentially affected by CVE-2021-45712 via rust-embed (>=0.5.2 <=5.9.0)

rust-embed CARGO version =0.5.2, =0.5.0, =0.0.0, =0.1.0, =0.5.1, =0.1.0, =0.2.0, =0.1.0, =1.0.1, =0.1.0, =1.0.0, =0.1.31, =0.1.36 and more Source cves: CVE-2021-45712 Source advisory: OSV:GHSA-CGW6-F3MJ-H742...

actix-lua (=0.2.0), age (>=0.5.0 <=0.6.1) +99 more potentially affected by CVE-2021-45712 via rust-embed (>=0.5.2 <=5.9.0)

rust-embed CARGO version =0.5.2, =0.5.0, =0.0.0, =0.1.0, =0.5.1, =0.1.0, =0.2.0, =0.1.0, =1.0.1, =0.1.0, =1.0.0, =0.1.31, =0.1.36 and more Source cves: CVE-2021-45712 Source advisory: OSV:GHSA-XRG3-HMF3-RVGW...

GHSA-XRG3-HMF3-RVGW Path Traversal in rust-embed

When running in debug mode and the debug-embed off by default feature is not enabled, the generated get method does not check that the input path is a child of the folder given. This allows attackers to read arbitrary files in the file system if they have control over the filename given. The...

rust-embed directory traversal vulnerability

rust-embed is the embedding of static assets into rust binaries. rust-embed versions prior to 6.3.0 have security vulnerabilities that can be exploited by attackers in debug mode to cause directory traversal...

CVE-2021-45712

An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode...

CVE-2021-45712

An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode...

CVE-2021-45712

An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode...

CVE-2021-45712

The CVE-2021-45712 entry affects the rust-embed crate for Rust prior to 6.3.0. In debug mode, the generated Asset::get path traversal vulnerability occurs when the input path isn’t properly constrained, allowing ‘..’ segments to access files outside the assets folder. Documented analyses (OSV/RUS...

Rust rust-embed crate 路径遍历漏洞

rust-embed is the embedding of static assets into rust binaries. rust-embed versions prior to 6.3.0 have security vulnerabilities that can be exploited by attackers in debug mode to cause directory traversal...

actix-lua (=0.2.0), age (>=0.5.0 <=0.6.1) +99 more potentially affected by CVE-2021-45712 via rust-embed (>=0.5.2 <=5.9.0)

rust-embed CARGO version =0.5.2, =0.5.0, =0.0.0, =0.1.0, =0.5.1, =0.1.0, =0.2.0, =0.1.0, =1.0.1, =0.1.0, =1.0.0, =0.1.31, =0.1.36 and more Source cves: CVE-2021-45712 Source advisory: OSV:RUSTSEC-2021-0126...