Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-gch5-hwqf-mxhp: Unsoundness in `intern` methods on `intaglio` symbol interners

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected.

The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box.

ghsa
Open in Source
#vulnerability#git

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
  • Pricing
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. GHSA-gch5-hwqf-mxhp

Unsoundness in `intern` methods on `intaglio` symbol interners

Low severity GitHub Reviewed Published Jul 27, 2023 to the GitHub Advisory Database • Updated Jul 27, 2023

Package

cargo intaglio (Rust)

Affected versions

< 1.9.0

Description

Affected versions of this crate have a stacked borrows violation when creating
references to interned contents. All interner types are affected.

The flaw was corrected in version 1.9.0 by reordering move and borrowing
operations and storing interned contents by raw pointer instead of as a Box.

References

  • artichoke/intaglio#236
  • https://rustsec.org/advisories/RUSTSEC-2023-0048.html

Published to the GitHub Advisory Database

Jul 27, 2023

Last updated

Jul 27, 2023

ghsa: Latest News

GHSA-qqwr-j9mm-fhw6: deno_doc's HTML generator vulnerable to Cross-site Scripting
ghsa