GHSA-gch5-hwqf-mxhp intaglio

Package

Manager: cargo
Name: intaglio
Vulnerable Version: >=0 <1.9.0

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

Unsoundness in `intern` methods on `intaglio` symbol interners

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a `Box`.
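The ordering described above, shown as an added example on a hypothetical minimal interner (the `Interner` type and its fields are assumptions for illustration, not code from the advisory or from `intaglio`). The commented-out lines show the general borrow-then-move shape that Stacked Borrows rejects; the live code moves first and stores a raw pointer.

```rust
use std::collections::HashMap;

/// Hypothetical minimal string interner (not intaglio's code).
pub struct Interner {
    map: HashMap<&'static str, u32>,
    vec: Vec<*mut str>, // raw pointers from Box::into_raw, not Box<str>
}

impl Interner {
    pub fn new() -> Self { Interner { map: HashMap::new(), vec: Vec::new() } }

    pub fn intern(&mut self, s: &str) -> u32 {
        if let Some(&id) = self.map.get(s) { return id; }
        let id = self.vec.len() as u32;
        // Unsound ordering (illustrative, with `vec: Vec<Box<str>>`):
        //   let boxed: Box<str> = s.into();
        //   let key: &'static str = unsafe { &*(&*boxed as *const str) };
        //   self.vec.push(boxed); // moving the Box invalidates `key`
        // Sound ordering: give up the Box first, then borrow from the raw pointer.
        let ptr: *mut str = Box::into_raw(Box::<str>::from(s));
        self.vec.push(ptr);
        // SAFETY: `ptr` stays allocated until Drop; `key` never escapes `self`.
        let key: &'static str = unsafe { &*ptr };
        self.map.insert(key, id);
        id
    }

    pub fn get(&self, id: u32) -> Option<&str> {
        // SAFETY: every stored pointer is live until Drop; result borrows `self`.
        self.vec.get(id as usize).map(|&p| unsafe { &*p })
    }
}

impl Drop for Interner {
    fn drop(&mut self) {
        self.map.clear(); // drop the borrowed keys before freeing their targets
        for &p in &self.vec {
            // SAFETY: each pointer came from Box::into_raw and is freed once.
            unsafe { drop(Box::from_raw(p)) };
        }
    }
}

fn main() {
    let mut i = Interner::new();
    let a = i.intern("alpha");
    assert_eq!(a, i.intern("alpha"));
    println!("{} -> {:?}", a, i.get(a));
}
```

Running a crate's test suite under `cargo miri test` is the usual way to detect this class of violation, since the borrow-then-move variant compiles and typically passes ordinary tests.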

Metadata

Created: 2023-07-27T19:29:41Z
Modified: 2023-07-27T19:29:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-gch5-hwqf-mxhp/GHSA-gch5-hwqf-mxhp.json
CWE IDs: []
Alternative ID: N/A
Finding: F067
Auto approve: 1