crates.io package
deepseek-tui-cli
pkg:cargo/deepseek-tui-cli
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-45311 | cri | — | | >= 0.3.0, < 0.8.23 | 0.8.23 | May 14, 2026 | Summary: The `run_tests` tool executes `cargo test` in the workspace with `ApprovalRequirement::Auto`, meaning it runs without any user approval prompt. The source code explicitly states this design choice: `fn approval_requirement(&self) -> ApprovalRequirement {` |
| CVE-2026-45310 | hig | — | | < 0.8.22 | 0.8.22 | May 14, 2026 | Summary: The `fetch_url` tool validates the initial URL's resolved IP address against a restricted-IP blocklist (`is_restricted_ip()`) to prevent SSRF attacks against internal services (cloud metadata endpoints, localhost, private networks). However, the HTTP client (`reqwest` |