Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:cargo/cargo@0.67.0
Typecargo
Namespace
Namecargo
Version0.67.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.67.1
Latest_non_vulnerable_version0.72.2
Affected_by_vulnerabilities
0
url VCID-n4fu-fzu3-sbex
vulnerability_id VCID-n4fu-fzu3-sbex
summary 
Cargo did not verify SSH host keys
The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks.

This vulnerability has been assigned CVE-2022-46176.

## Overview

When an SSH client establishes communication with a server, to prevent MITM attacks the client should check whether it already communicated with that server in the past and what the server's public key was back then. If the key changed since the last connection, the connection must be aborted as a MITM attack is likely taking place.

It was discovered that Cargo never implemented such checks, and performed no validation on the server's public key, leaving Cargo users vulnerable to MITM attacks.

## Affected Versions

All Rust versions containing Cargo before 1.66.1 are vulnerable (prior to 0.67.1 for the crates.io package).

Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's [`url.<base>.insteadOf`][1] setting), as that'd cause you to clone the crates.io index through SSH.

## Mitigations

We will be releasing Rust 1.66.1 today, 2023-01-10, changing Cargo to check the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible.

Patch files for Rust 1.66.0 are also available [here][2] for custom-built toolchains.

For the time being Cargo will not ask the user whether to trust a server's public key during the first connection. Instead, Cargo will show an error message detailing how to add that public key to the list of trusted keys. Note that this might break your automated builds if the hosts you clone dependencies or indexes from are not already trusted.

If you can't upgrade to Rust 1.66.1 yet, we recommend configuring Cargo to use the `git` CLI instead of its built-in git support. That way, all git network operations will be performed by the `git` CLI, which is not affected by this vulnerability. You can do so by adding this snippet to your [Cargo configuration file](https://doc.rust-lang.org/cargo/reference/config.html):

```toml
[net]
git-fetch-with-cli = true
```

## Acknowledgments

Thanks to the Julia Security Team for disclosing this to us according to our [security policy][3]!

We also want to thank the members of the Rust project who contributed to fixing this issue. Thanks to Eric Huss and Weihang Lo for writing and reviewing the patch, Pietro Albini for coordinating the disclosure and writing this advisory, and Josh Stone, Josh Triplett and Jacob Finkelman for advising during the disclosure.

[1]: https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf
[2]: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176
[3]: https://www.rust-lang.org/policies/security
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46176.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46176.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-46176
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35363
published_at 2026-04-21T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35415
published_at 2026-04-18T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35428
published_at 2026-04-16T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35388
published_at 2026-04-13T12:55:00Z
4
value 0.00149
scoring_system epss
scoring_elements 0.35411
published_at 2026-04-12T12:55:00Z
5
value 0.00149
scoring_system epss
scoring_elements 0.35453
published_at 2026-04-11T12:55:00Z
6
value 0.00149
scoring_system epss
scoring_elements 0.35445
published_at 2026-04-09T12:55:00Z
7
value 0.00149
scoring_system epss
scoring_elements 0.3542
published_at 2026-04-08T12:55:00Z
8
value 0.00149
scoring_system epss
scoring_elements 0.35374
published_at 2026-04-07T12:55:00Z
9
value 0.00149
scoring_system epss
scoring_elements 0.35491
published_at 2026-04-04T12:55:00Z
10
value 0.00149
scoring_system epss
scoring_elements 0.35466
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-46176
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46176
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46176
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rust-lang/cargo
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rust-lang/cargo
5
reference_url https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:13Z/
url https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j
6
reference_url https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:13Z/
url https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176
7
reference_url https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-46176
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-46176
9
reference_url https://www.rust-lang.org/policies/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.rust-lang.org/policies/security
10
reference_url http://www.openwall.com/lists/oss-security/2023/11/05/6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:13Z/
url http://www.openwall.com/lists/oss-security/2023/11/05/6
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2160363
reference_id 2160363
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2160363
12
reference_url http://www.openwall.com/lists/oss-security/2023/11/06/5
reference_id 5
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:13Z/
url http://www.openwall.com/lists/oss-security/2023/11/06/5
13
reference_url https://github.com/advisories/GHSA-r5w3-xm58-jv6j
reference_id GHSA-r5w3-xm58-jv6j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r5w3-xm58-jv6j
14
reference_url https://security.gentoo.org/glsa/202409-07
reference_id GLSA-202409-07
reference_type
scores
url https://security.gentoo.org/glsa/202409-07
fixed_packages
0
url pkg:cargo/cargo@0.67.1
purl pkg:cargo/cargo@0.67.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/cargo@0.67.1
aliases CVE-2022-46176, GHSA-r5w3-xm58-jv6j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4fu-fzu3-sbex
Fixing_vulnerabilities
0
url VCID-r9ky-9nbm-yucw
vulnerability_id VCID-r9ky-9nbm-yucw
summary Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36113
reference_id
reference_type
scores
0
value 0.08941
scoring_system epss
scoring_elements 0.9256
published_at 2026-04-02T12:55:00Z
1
value 0.08941
scoring_system epss
scoring_elements 0.92607
published_at 2026-04-21T12:55:00Z
2
value 0.08941
scoring_system epss
scoring_elements 0.92604
published_at 2026-04-18T12:55:00Z
3
value 0.08941
scoring_system epss
scoring_elements 0.92605
published_at 2026-04-16T12:55:00Z
4
value 0.08941
scoring_system epss
scoring_elements 0.92592
published_at 2026-04-12T12:55:00Z
5
value 0.08941
scoring_system epss
scoring_elements 0.92591
published_at 2026-04-13T12:55:00Z
6
value 0.08941
scoring_system epss
scoring_elements 0.92586
published_at 2026-04-09T12:55:00Z
7
value 0.08941
scoring_system epss
scoring_elements 0.92581
published_at 2026-04-08T12:55:00Z
8
value 0.08941
scoring_system epss
scoring_elements 0.9257
published_at 2026-04-07T12:55:00Z
9
value 0.08941
scoring_system epss
scoring_elements 0.92567
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36113
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36113
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36113
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rust-lang/cargo
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rust-lang/cargo
4
reference_url https://github.com/rust-lang/cargo/commit/15f1e4b0bf4b4fc20369e0a85d9b77957c4dd52a
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rust-lang/cargo/commit/15f1e4b0bf4b4fc20369e0a85d9b77957c4dd52a
5
reference_url https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:37Z/
url https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a
6
reference_url https://github.com/rust-lang/cargo/commit/dafe4a7ea016739680ec7998aebe1bc6de131a5b
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rust-lang/cargo/commit/dafe4a7ea016739680ec7998aebe1bc6de131a5b
7
reference_url https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
2
value LOW
scoring_system cvssv3.1_qr
scoring_elements
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:37Z/
url https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36113
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36113
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021142
reference_id 1021142
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021142
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021143
reference_id 1021143
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021143
11
reference_url https://github.com/advisories/GHSA-rfj2-q3h3-hm5j
reference_id GHSA-rfj2-q3h3-hm5j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfj2-q3h3-hm5j
12
reference_url https://security.gentoo.org/glsa/202210-09
reference_id GLSA-202210-09
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202210-09
fixed_packages
0
url pkg:cargo/cargo@0.65.0
purl pkg:cargo/cargo@0.65.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/cargo@0.65.0
1
url pkg:cargo/cargo@0.67.0
purl pkg:cargo/cargo@0.67.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n4fu-fzu3-sbex
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/cargo@0.67.0
aliases CVE-2022-36113, GHSA-rfj2-q3h3-hm5j
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r9ky-9nbm-yucw
1
url VCID-ssct-y25y-3qbw
vulnerability_id VCID-ssct-y25y-3qbw
summary Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36114
reference_id
reference_type
scores
0
value 0.0048
scoring_system epss
scoring_elements 0.65047
published_at 2026-04-02T12:55:00Z
1
value 0.0048
scoring_system epss
scoring_elements 0.65109
published_at 2026-04-21T12:55:00Z
2
value 0.0048
scoring_system epss
scoring_elements 0.65125
published_at 2026-04-18T12:55:00Z
3
value 0.0048
scoring_system epss
scoring_elements 0.65116
published_at 2026-04-16T12:55:00Z
4
value 0.0048
scoring_system epss
scoring_elements 0.6508
published_at 2026-04-13T12:55:00Z
5
value 0.0048
scoring_system epss
scoring_elements 0.65108
published_at 2026-04-12T12:55:00Z
6
value 0.0048
scoring_system epss
scoring_elements 0.65118
published_at 2026-04-11T12:55:00Z
7
value 0.0048
scoring_system epss
scoring_elements 0.65099
published_at 2026-04-09T12:55:00Z
8
value 0.0048
scoring_system epss
scoring_elements 0.65086
published_at 2026-04-08T12:55:00Z
9
value 0.0048
scoring_system epss
scoring_elements 0.65036
published_at 2026-04-07T12:55:00Z
10
value 0.0048
scoring_system epss
scoring_elements 0.65074
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36114
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36114
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36114
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rust-lang/cargo
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rust-lang/cargo
4
reference_url https://github.com/rust-lang/cargo/commit/2b68d3c07a4a056264dc006ecb9f1354a0679cd3
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rust-lang/cargo/commit/2b68d3c07a4a056264dc006ecb9f1354a0679cd3
5
reference_url https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:35Z/
url https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7
6
reference_url https://github.com/rust-lang/cargo/commit/d87d57dbbda61754f4fab0f329a7ac520e062c46
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rust-lang/cargo/commit/d87d57dbbda61754f4fab0f329a7ac520e062c46
7
reference_url https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:35Z/
url https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36114
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36114
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021142
reference_id 1021142
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021142
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021143
reference_id 1021143
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021143
11
reference_url https://github.com/advisories/GHSA-2hvr-h6gw-qrxp
reference_id GHSA-2hvr-h6gw-qrxp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2hvr-h6gw-qrxp
12
reference_url https://security.gentoo.org/glsa/202210-09
reference_id GLSA-202210-09
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202210-09
fixed_packages
0
url pkg:cargo/cargo@0.65.0
purl pkg:cargo/cargo@0.65.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/cargo@0.65.0
1
url pkg:cargo/cargo@0.67.0
purl pkg:cargo/cargo@0.67.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n4fu-fzu3-sbex
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/cargo@0.67.0
aliases CVE-2022-36114, GHSA-2hvr-h6gw-qrxp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ssct-y25y-3qbw
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:cargo/cargo@0.67.0