Headline

GHSA-f95p-4cv5-8w8x: linkme fails to ensure slice elements match the slice's declared type

Affected versions allow populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of type &&str could end up in a slice of type [&str], since &&str coerces to &str via a deref coercion.

The flaw was corrected by implementing typechecking for distributed slice elements in such a way that coercion no longer occurs. The element’s type must be a subtype of the slice’s declared element type.

23 days ago

ghsa

Open in Source

#vulnerability #web #git

Navigation Menu

- GitHub Copilot
  
  Write better code with AI
- Security
  
  Find and fix vulnerabilities
- Actions
  
  Automate any workflow
- Codespaces
  
  Instant dev environments
- Issues
  
  Plan and track work
- Code Review
  
  Manage code changes
- Discussions
  
  Collaborate outside of code
- Code Search
  
  Find more, search less

Explore
- Learning Pathways
- White papers, Ebooks, Webinars
- Customer Stories
- Partners
- Executive Insights
- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

- Enterprise platform
  
  AI-powered developer platform

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

GitHub Advisory Database
GitHub Reviewed
GHSA-f95p-4cv5-8w8x

linkme fails to ensure slice elements match the slice’s declared type

Low severity GitHub Reviewed Published Dec 4, 2024 to the GitHub Advisory Database

Package

cargo linkme (Rust)

Affected versions

< 0.3.24

Description

Affected versions allow populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of type &&str could end up in a slice of type [&str], since &&str coerces to &str via a deref coercion.

References