Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nY2g1LWh3cWYtbXhocM4AA069
Unsoundness in `intern` methods on `intaglio` symbol interners
Affected versions of this crate have a stacked borrows violation when creating
references to interned contents. All interner types are affected.
The flaw was corrected in version 1.9.0 by reordering move and borrowing
operations and storing interned contents by raw pointer instead of as a `Box`.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nY2g1LWh3cWYtbXhocM4AA069
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
Identifiers: GHSA-gch5-hwqf-mxhp
References:
- https://github.com/artichoke/intaglio/pull/236
- https://rustsec.org/advisories/RUSTSEC-2023-0048.html
- https://github.com/advisories/GHSA-gch5-hwqf-mxhp
Blast Radius: 0.0
Affected Packages
cargo:intaglio
Dependent packages: 4
Dependent repositories: 3
Downloads: 152,158 total
Affected Version Ranges: < 1.9.0
Fixed in: 1.9.0
All affected versions: 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.6.0, 1.6.1, 1.7.0, 1.8.0
All unaffected versions: 1.9.0, 1.9.1