
Shaku relies on anymap, which has a critical vulnerability (RUSTSEC-2021-0065)

Open wolpert opened this issue 1 year ago • 1 comments

re: https://rustsec.org/advisories/RUSTSEC-2021-0065.html

re: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38187

Shaku relies on anymap version 0.12.1. All versions of anymap have a confirmed critical vulnerability. The anymap project is unmaintained. Given the above, you should remove the references to anymap within Shaku.

There is anymap2 (https://github.com/azriel91/anymap2) which may or may not be compatible with Shaku.

https://github.com/AzureMarker/shaku/blob/1caef6a5f9a8bbac31a74e063c2bf448c389e097/shaku/Cargo.toml#L14

Change to:

anymap2 = "0.13.0"

wolpert, Jul 23 '24 14:07

PR: https://github.com/AzureMarker/shaku/pull/49

wolpert, Jul 23 '24 14:07

Released in v0.6.2

AzureMarker, Aug 31 '24 22:08
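
A consumer-side check for the condition this issue describes, as an added example that is not part of the thread or of Shaku's code: it scans `Cargo.lock` text for the exact crate name `anymap` and lists the packages that still depend on it. The lockfile excerpt is constructed, and `find_crate` and `legacy-plugin` are hypothetical names.

```rust
// Constructed Cargo.lock excerpt; `legacy-plugin` is a hypothetical crate.
pub const SAMPLE_LOCK: &str = r#"
[[package]]
name = "anymap"
version = "0.12.1"

[[package]]
name = "legacy-plugin"
version = "0.1.0"
dependencies = [
 "anymap",
]

[[package]]
name = "shaku"
version = "0.6.2"
dependencies = [
 "anymap2 0.13.0",
]
"#;

/// Returns (locked versions of `target`, packages that depend on it).
pub fn find_crate(lock: &str, target: &str) -> (Vec<String>, Vec<String>) {
    let (mut versions, mut dependents) = (Vec::new(), Vec::new());
    let (mut name, mut in_deps) = (String::new(), false);
    for line in lock.lines().map(str::trim) {
        if let Some(v) = line.strip_prefix("name = ") {
            name = v.trim_matches('"').to_string();
        } else if let Some(v) = line.strip_prefix("version = ") {
            if name == target {
                versions.push(v.trim_matches('"').to_string());
            }
        } else if line == "dependencies = [" {
            in_deps = true;
        } else if line == "]" || line == "[[package]]" {
            in_deps = false;
        } else if in_deps {
            // Entries: "anymap", "anymap 0.12.1" or "anymap 0.12.1 (source)";
            // compare the whole first token so `anymap2` never matches `anymap`.
            let dep = line.trim_matches(|c: char| c == '"' || c == ',');
            if dep.split_whitespace().next() == Some(target) {
                dependents.push(name.clone());
            }
        }
    }
    (versions, dependents)
}

fn main() { println!("{:?}", find_crate(SAMPLE_LOCK, "anymap")); }
```

Any non-empty result for `anymap` means the advisory still applies to the build, since the issue states that all versions are affected.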