WS-2022-0242 (High) detected in owning_ref-0.3.3.crate

Open mend-bolt-for-github[bot] opened this issue 2 years ago • 1 comments

WS-2022-0242 - High Severity Vulnerability

Vulnerable Library - owning_ref-0.3.3.crate

A library for creating references that carry their owner with them.

Library home page: https://crates.io/api/v1/crates/owning_ref/0.3.3/download

Dependency Hierarchy:

  • chashmap-2.2.2.crate (Root Library)
    • :x: owning_ref-0.3.3.crate (Vulnerable Library)

Found in HEAD commit: a5a175063bd51fcbbce0eaba88d1b9b6ad315911

Found in base branch: master

Vulnerability Details

All versions of owning_ref in Rust have multiple soundness issues that may result in a use-after-free. The crate violates Rust's aliasing rules, which may cause miscompilations on recent compilers that emit the LLVM noalias attribute.

Publish Date: 2022-01-26

URL: WS-2022-0242

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

this security vulnerability is a false 🚀 positive because rust(🚀🚀🚀) is 🚀 everything 🚀 safe 🚀🚀🚀🚀

Joshument avatar Sep 08 '22 03:09 Joshument

but rust🚀🚀🚀🚀🚀🚀 is extremely (🚀🚀🚀🚀🚀🚀🚀🚀) blazing fast :fire: 🚀🚀🚀🚀🚀🚀🚀

neu-ma-tic avatar Sep 20 '22 04:09 neu-ma-tic