Описание
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.31.0+dfsg+llvm-2ubuntu1 |
| cosmic | not-affected | 1.31.0+dfsg+llvm-2ubuntu1 |
| devel | not-affected | 1.31.0+dfsg+llvm-2ubuntu1 |
| disco | not-affected | 1.31.0+dfsg+llvm-2ubuntu1 |
| esm-apps/bionic | not-affected | 1.31.0+dfsg+llvm-2ubuntu1 |
| esm-apps/xenial | not-affected | 1.31.0+dfsg+llvm-2ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 1.31.0+dfsg+llvm-2ubuntu1 |
| precise/esm | DNE | |
| trusty | not-affected | 1.31.0+dfsg+llvm-2ubuntu1 |
Показывать по
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1.
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1.
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 c ...
6.8 Medium
CVSS2
7.8 High
CVSS3