You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
WS-2023-0045
Vulnerable Library - remove_dir_all-0.5.3.crate
A safe, reliable implementation of remove_dir_all for Windows
The remove_dir_all crate is a Rust library that offers additional features over the Rust standard library fs::remove_dir_all function. It suffers the same class of failure as the code it was layering over: TOCTOU race conditions, with the ability to cause arbitrary paths to be deleted by substituting a symlink for a path after the type of the path was checked.
Vulnerable Library - tonic-build-0.10.2.crate
Path to dependency file: /src/shippingservice/Cargo.toml
Path to vulnerable library: /src/shippingservice/Cargo.toml
Found in HEAD commit: de73c8b6e42eb87e8f3abc02dbfb4a71a6d2f028
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
WS-2023-0045
Vulnerable Library - remove_dir_all-0.5.3.crate
A safe, reliable implementation of remove_dir_all for Windows
Library home page: https://crates.io/api/v1/crates/remove_dir_all/0.5.3/download
Path to dependency file: /src/shippingservice/Cargo.toml
Path to vulnerable library: /src/shippingservice/Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: de73c8b6e42eb87e8f3abc02dbfb4a71a6d2f028
Found in base branch: main
Vulnerability Details
The remove_dir_all crate is a Rust library that offers additional features over the Rust standard library fs::remove_dir_all function. It suffers the same class of failure as the code it was layering over: TOCTOU race conditions, with the ability to cause arbitrary paths to be deleted by substituting a symlink for a path after the type of the path was checked.
Publish Date: 2023-02-24
URL: WS-2023-0045
CVSS 3 Score Details (9.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-mc8h-8q98-g5hr
Release Date: 2023-02-24
Fix Resolution: remove_dir_all - 0.8.0
The text was updated successfully, but these errors were encountered: