Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1nY2g1LWh3cWYtbXhocM4AA069

Unsoundness in `intern` methods on `intaglio` symbol interners

Affected versions of this crate have a stacked borrows violation when creating
references to interned contents. All interner types are affected.

The flaw was corrected in version 1.9.0 by reordering move and borrowing
operations and storing interned contents by raw pointer instead of as a Box.

Permalink: https://github.com/advisories/GHSA-gch5-hwqf-mxhp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nY2g1LWh3cWYtbXhocM4AA069
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: over 1 year ago


Identifiers: GHSA-gch5-hwqf-mxhp
References: Repository: https://github.com/artichoke/intaglio
Blast Radius: 0.0

Affected Packages

cargo:intaglio
Dependent packages: 4
Dependent repositories: 3
Downloads: 156,839 total
Affected Version Ranges: < 1.9.0
Fixed in: 1.9.0
All affected versions: 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.6.0, 1.6.1, 1.7.0, 1.8.0
All unaffected versions: 1.9.0, 1.9.1