ncurses-rs

Critical 9.8/10 vulnerability for this library

Open vwbusguy opened this issue 3 years ago • 4 comments

According to GitHub Dependabot, this library now has a 9.8/10 vulnerability at the current version (5.101.0) as well as a 7.5/10 high.

Here are the CVEs: CVE-2019-15548, CVE-2019-15547

Here's the corresponding Rust Advisory.

vwbusguy Jun 06 '22 20:06

Thanks for sharing. I'd love a PR to fix each of these. For the latter one, the fn has been deprecated. For the former, there's been a comment there for a while, since the code was suspected to be incorrect. I haven't used Rust much in years, so I'm hoping someone else can pick this up. Perhaps @Ella-0?

jeaye Jun 11 '22 17:06

I'd love to help, but the repo I linked to in my OP represents the current extent of my own Rust knowledge. I did that pancurses/ncurses-rs project a few years ago as a way to learn Rust myself, but I'm certainly more than a little rust-y on it since I haven't really touched it since then.

vwbusguy Jun 13 '22 20:06

> Perhaps @Ella-0?

Currently I'm in the middle of exams but I can have a look after they finish.

Ella-0 Jun 13 '22 21:06

> > Perhaps @Ella-0?
>
> Currently I'm in the middle of exams but I can have a look after they finish.

Excellent. You're the best. Best of luck with your exams. :D

jeaye Jun 16 '22 17:06