GHSA-c9rv-3jmq-527w

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

CVSS3: 5.5

Описание

Unexpected panic when decoding tokens in branca

Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding. The documentation stated that an error should have been reported instead.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2020-35918
https://github.com/return/branca/issues/24
https://github.com/tuupola/branca-spec/issues/22
https://github.com/return/branca/commit/7da3274bd99b05dce9c3f9b4b129d0145c71820b
https://rustsec.org/advisories/RUSTSEC-2020-0075.html

Пакеты

Наименование

branca

rust

Затронутые версииВерсия исправления

< 0.10.0

0.10.0

EPSS

Процентиль: 24%

0.00081

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2020-35918

Дефекты

CWE-20

Связанные уязвимости

CVE-2020-35918

CVSS3: 5.5

nvd

около 5 лет назад

An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic.

EPSS

Процентиль: 24%

0.00081

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2020-35918

Дефекты

CWE-20