GHSA-rc23-xxgq-x27g – wee_alloc

Package

Manager: cargo
Name: wee_alloc
Vulnerable Version: >=0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

wee_alloc is Unmaintained Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years ago.

Metadata

Created: 2022-09-16T17:18:28Z
Modified: 2022-09-16T17:18:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-rc23-xxgq-x27g/GHSA-rc23-xxgq-x27g.json
CWE IDs: []
Alternative ID: N/A
Finding: F115
Auto approve: 1