Fluid Attacks Database

Description

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	rustc	>=0 <1.27.1+dfsg1-1~exp1	1.27.1+dfsg1-1~exp1
debian 11	rustc	>=0 <1.27.1+dfsg1-1~exp1	1.27.1+dfsg1-1~exp1
debian 12	rustc	>=0 <1.27.1+dfsg1-1~exp1	1.27.1+dfsg1-1~exp1
debian 14	rustc	>=0 <1.27.1+dfsg1-1~exp1	1.27.1+dfsg1-1~exp1

Aliases

1. CVE-2018-10006222. NVD-2018-10006223. OSV-DEBIAN-2018-10006224. OSV-2018-10006225. SECURITY-TRACKER-CVE-2018-1000622

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.