CVE-2020-35918 – branca

Package

Manager: cargo
Name: branca
Vulnerable Version: >=0 <0.10.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00081 pctl0.24592

Details

Unexpected panic when decoding tokens in branca Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding. The documentation stated that an error should have been reported instead.

Metadata

Created: 2021-08-25T20:49:50Z
Modified: 2023-06-13T17:09:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-c9rv-3jmq-527w/GHSA-c9rv-3jmq-527w.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-c9rv-3jmq-527w
Finding: F184
Auto approve: 1