hello-world.rs icon indicating copy to clipboard operation
hello-world.rs copied to clipboard

Published 20 hours ago • verified publisher icon mTvare6

CVE-2020-25575 (High) detected in failure-0.1.8.crate

Open mend-bolt-for-github[bot] opened this issue 3 years ago • 0 comments

CVE-2020-25575 - High Severity Vulnerability

Vulnerable Library - failure-0.1.8.crate

Experimental error handling abstraction.

Library home page: https://crates.io/api/v1/crates/failure/0.1.8/download

Dependency Hierarchy:

  • amethyst-0.15.3.crate (Root Library)
    • amethyst_ui-0.15.3.crate
      • :x: failure-0.1.8.crate (Vulnerable Library)

Found in base branch: master

Vulnerability Details

** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010.

Publish Date: 2020-09-14

URL: CVE-2020-25575

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Mar 29 '22 01:03 mend-bolt-for-github[bot]