GHSA-f2wx-xjfw-xjv6

Опубликовано: 17 июл. 2023

Источник: github

Github: Прошло ревью

Описание

topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all

Summary

https://github.com/advisories/GHSA-mc8h-8q98-g5hr https://github.com/XAMPPRocky/remove_dir_all/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead

tempfile v0.4.26 ships with affected remove_dir_all v0.5.3 and so blocks my deployment of v12 to openSUSE distribution because it imposes a clean cargo audit

Updating tempfile is warranted

Ссылки

https://github.com/topgrade-rs/topgrade/security/advisories/GHSA-f2wx-xjfw-xjv6
https://github.com/XAMPPRocky/remove_dir_all/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead
https://github.com/advisories/GHSA-mc8h-8q98-g5hr
https://github.com/topgrade-rs/topgrade/releases/tag/v12.0.0

Пакеты

Наименование

topgrade

rust

Затронутые версииВерсия исправления

<= 12.0.0

12.0.1

Дефекты

CWE-367

Дефекты

CWE-367