hello-world.rs icon indicating copy to clipboard operation
hello-world.rs copied to clipboard

Published 20 hours ago • verified publisher icon mTvare6

CVE-2019-25010 (High) detected in failure-0.1.8.crate

Open mend-bolt-for-github[bot] opened this issue 4 years ago • 0 comments

CVE-2019-25010 - High Severity Vulnerability

Vulnerable Library - failure-0.1.8.crate

Experimental error handling abstraction.

Library home page: https://crates.io/api/v1/crates/failure/0.1.8/download

Dependency Hierarchy:

  • amethyst-0.15.3.crate (Root Library)
    • amethyst_ui-0.15.3.crate
      • :x: failure-0.1.8.crate (Vulnerable Library)

Found in HEAD commit: a5a175063bd51fcbbce0eaba88d1b9b6ad315911

Found in base branch: master

Vulnerability Details

An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when private_get_type_id is overridden.

Publish Date: 2020-12-31

URL: CVE-2019-25010

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Sep 27 '21 15:09 mend-bolt-for-github[bot]