rpm package
almalinux/rust
pkg:rpm/almalinux/rust
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38497 | — | < 1.66.1-2.el9_2 | 1.66.1-2.el9_2 | Aug 4, 2023 | Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files write | ||
| CVE-2022-21658 | — | < 1.58.1-1.module_el8.6.0+2748+176088b3 | 1.58.1-1.module_el8.6.0+2748+176088b3 | Jan 20, 2022 | Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink | ||
| CVE-2021-42574 | — | < 1.54.0-3.module_el8.5.0+2599+d655d86c | 1.54.0-3.module_el8.5.0+2599+d655d86c | Nov 1, 2021 | An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested |
- CVE-2023-38497Aug 4, 2023affected < 1.66.1-2.el9_2fixed 1.66.1-2.el9_2
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files write
- CVE-2022-21658Jan 20, 2022affected < 1.58.1-1.module_el8.6.0+2748+176088b3fixed 1.58.1-1.module_el8.6.0+2748+176088b3
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink
- CVE-2021-42574Nov 1, 2021affected < 1.54.0-3.module_el8.5.0+2599+d655d86cfixed 1.54.0-3.module_el8.5.0+2599+d655d86c
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested