{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","type":"deb","namespace":"debian","name":"rustc","version":"1.63.0+dfsg1-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0","latest_non_vulnerable_version":"1.95.0+dfsg1-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78026?format=json","vulnerability_id":"VCID-5cpx-9p6a-nqg3","summary":"tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory — and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33056"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131481","reference_id":"1131481","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131481"},{"reference_url":"https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446","reference_id":"17b1fd84e632071cb8eef9d3709bf347bd266446","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T12:59:15Z/"}],"url":"https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446"},{"reference_url":"https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph","reference_id":"GHSA-j4xf-2g29-59ph","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T12:59:15Z/"}],"url":"https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103382?format=json","purl":"pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2026-33056"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cpx-9p6a-nqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29983?format=json","vulnerability_id":"VCID-7t9b-p6u1-zqay","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5223","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5223"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rust-lang/cargo/pull/17031","reference_id":"17031","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:37Z/"}],"url":"https://github.com/rust-lang/cargo/pull/17031"},{"reference_url":"https://blog.rust-lang.org/2026/05/25/cve-2026-5223/","reference_id":"cve-2026-5223","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:37Z/"}],"url":"https://blog.rust-lang.org/2026/05/25/cve-2026-5223/"},{"reference_url":"https://groups.google.com/g/rustlang-security-announcements/c/IB74S7Yksg8","reference_id":"IB74S7Yksg8","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:37Z/"}],"url":"https://groups.google.com/g/rustlang-security-announcements/c/IB74S7Yksg8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2026-5223"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7t9b-p6u1-zqay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78299?format=json","vulnerability_id":"VCID-hgs9-6svh-rbcf","summary":"tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header. This is almost the inverse of the astral-tokio-tar issue. Any discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers. In this case, the tar-rs (Rust tar) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go archive/tar) unconditionally use the PAX size override. This can affect anything that uses the tar crate to parse archives and expects to have a consistent view with other parsers. This issue has been fixed in version 0.4.45.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33055","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33055"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131480","reference_id":"1131480","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131480"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135225","reference_id":"1135225","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135225"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2025-62518","reference_id":"CVERecord?id=CVE-2025-62518","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:43:55Z/"}],"url":"https://www.cve.org/CVERecord?id=CVE-2025-62518"},{"reference_url":"https://github.com/alexcrichton/tar-rs/commit/de1a5870e603758f430073688691165f21a33946","reference_id":"de1a5870e603758f430073688691165f21a33946","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:43:55Z/"}],"url":"https://github.com/alexcrichton/tar-rs/commit/de1a5870e603758f430073688691165f21a33946"},{"reference_url":"https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff","reference_id":"GHSA-gchp-q4r4-x4ff","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:43:55Z/"}],"url":"https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103382?format=json","purl":"pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2026-33055"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgs9-6svh-rbcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29982?format=json","vulnerability_id":"VCID-vtn5-dzvs-dke9","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5222"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rust-lang/cargo/pull/17031","reference_id":"17031","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:59Z/"}],"url":"https://github.com/rust-lang/cargo/pull/17031"},{"reference_url":"https://blog.rust-lang.org/2026/05/25/cve-2026-5222/","reference_id":"cve-2026-5222","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:59Z/"}],"url":"https://blog.rust-lang.org/2026/05/25/cve-2026-5222/"},{"reference_url":"https://groups.google.com/g/rustlang-security-announcements/c/SfUxOiIdY5s","reference_id":"SfUxOiIdY5s","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:59Z/"}],"url":"https://groups.google.com/g/rustlang-security-announcements/c/SfUxOiIdY5s"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2026-5222"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vtn5-dzvs-dke9"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4330?format=json","vulnerability_id":"VCID-1pfb-phv9-c3hu","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000657"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906585","reference_id":"906585","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906585"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103375?format=json","purl":"pkg:deb/debian/rustc@1.22.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.22.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-1000657"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pfb-phv9-c3hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206403?format=json","vulnerability_id":"VCID-2juy-fnfe-2baq","summary":"In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103377?format=json","purl":"pkg:deb/debian/rustc@1.29.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.29.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-25008"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2juy-fnfe-2baq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22467?format=json","vulnerability_id":"VCID-3z53-1ptg-pbe5","summary":"","references":[{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rust-lang/rust/pull/141864","reference_id":"141864","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/RE:L/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:21:57Z/"}],"url":"https://github.com/rust-lang/rust/pull/141864"},{"reference_url":"https://groups.google.com/g/rustlang-security-announcements/c/oT9zCvLLYkw","reference_id":"oT9zCvLLYkw","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/RE:L/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:21:57Z/"}],"url":"https://groups.google.com/g/rustlang-security-announcements/c/oT9zCvLLYkw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103378?format=json","purl":"pkg:deb/debian/rustc@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103381?format=json","purl":"pkg:deb/debian/rustc@1.89.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.89.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2025-11233"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3z53-1ptg-pbe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9337?format=json","vulnerability_id":"VCID-6mr8-hm6t-xbcv","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28877"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1802","reference_id":"AVG-1802","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1802"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-28877"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mr8-hm6t-xbcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9336?format=json","vulnerability_id":"VCID-7msz-7ewx-nbfb","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1801","reference_id":"AVG-1801","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1801"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-28876"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7msz-7ewx-nbfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9383?format=json","vulnerability_id":"VCID-8gx3-8bbx-sfa7","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29922"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-2263","reference_id":"AVG-2263","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2263"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-29922"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gx3-8bbx-sfa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183514?format=json","vulnerability_id":"VCID-8zvb-7fjt-sbfe","summary":"Multiple vulnerabilities have been found in Rust, the worst which\n    may allow local attackers to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000810"},{"reference_url":"https://security.gentoo.org/glsa/201812-11","reference_id":"GLSA-201812-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201812-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103376?format=json","purl":"pkg:deb/debian/rustc@1.30.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.30.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-1000810"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zvb-7fjt-sbfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4326?format=json","vulnerability_id":"VCID-a7x1-vvt4-7ubd","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000622"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201812-11","reference_id":"GLSA-201812-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201812-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103374?format=json","purl":"pkg:deb/debian/rustc@1.27.1%2Bdfsg1-1~exp1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.27.1%252Bdfsg1-1~exp1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-1000622"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7x1-vvt4-7ubd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9339?format=json","vulnerability_id":"VCID-c4jv-2hka-6bda","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1801","reference_id":"AVG-1801","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1801"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-28879"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4jv-2hka-6bda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9335?format=json","vulnerability_id":"VCID-ezcj-bzxs-n7hk","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28875","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28875"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1803","reference_id":"AVG-1803","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1803"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-28875"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezcj-bzxs-n7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5957?format=json","vulnerability_id":"VCID-fn8n-crap-gybg","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010299"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103376?format=json","purl":"pkg:deb/debian/rustc@1.30.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.30.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2019-1010299"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fn8n-crap-gybg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203841?format=json","vulnerability_id":"VCID-hnnm-v44n-rkcq","summary":"In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103369?format=json","purl":"pkg:deb/debian/rustc@1.2.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.2.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-20001"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hnnm-v44n-rkcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205051?format=json","vulnerability_id":"VCID-khsy-xj1x-dub7","summary":"In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103373?format=json","purl":"pkg:deb/debian/rustc@1.19.0%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.19.0%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2017-20004"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khsy-xj1x-dub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11392?format=json","vulnerability_id":"VCID-kjwj-8a5h-5ygr","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21658"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202210-09","reference_id":"202210-09","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://security.gentoo.org/glsa/202210-09"},{"reference_url":"https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946","reference_id":"32ed6e599bb4722efefd78bbc9cd7ec4613cb946","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946"},{"reference_url":"https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf","reference_id":"406cc071d6cfdfdb678bf3d83d766851de95abaf","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf"},{"reference_url":"https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714","reference_id":"4f0ad1c92ca08da6e8dc17838070975762f59714","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/","reference_id":"7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/"},{"reference_url":"https://github.com/rust-lang/rust/pull/93110","reference_id":"93110","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://github.com/rust-lang/rust/pull/93110"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/","reference_id":"BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/","reference_id":"C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/","reference_id":"CKGTACKMKAPRDPWPTU26GYWBELIRFF5N","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/"},{"reference_url":"https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html","reference_id":"cve-2022-21658.html","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html"},{"reference_url":"https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2","reference_id":"GHSA-r9cc-f5pr-p3j2","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2"},{"reference_url":"https://support.apple.com/kb/HT213182","reference_id":"HT213182","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://support.apple.com/kb/HT213182"},{"reference_url":"https://support.apple.com/kb/HT213183","reference_id":"HT213183","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://support.apple.com/kb/HT213183"},{"reference_url":"https://support.apple.com/kb/HT213186","reference_id":"HT213186","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://support.apple.com/kb/HT213186"},{"reference_url":"https://support.apple.com/kb/HT213193","reference_id":"HT213193","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://support.apple.com/kb/HT213193"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103380?format=json","purl":"pkg:deb/debian/rustc@1.57.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.57.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2022-21658"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjwj-8a5h-5ygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8606?format=json","vulnerability_id":"VCID-kxhh-2md7-8qfr","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36317"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1804","reference_id":"AVG-1804","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1804"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2020-36317"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxhh-2md7-8qfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9338?format=json","vulnerability_id":"VCID-pf3b-7ywb-qfbd","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1801","reference_id":"AVG-1801","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1801"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-28878"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pf3b-7ywb-qfbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9465?format=json","vulnerability_id":"VCID-s7w1-szx6-43es","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1801","reference_id":"AVG-1801","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1801"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-31162"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s7w1-szx6-43es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219065?format=json","vulnerability_id":"VCID-sdnh-958y-kkh1","summary":"The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103378?format=json","purl":"pkg:deb/debian/rustc@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12083"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdnh-958y-kkh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8607?format=json","vulnerability_id":"VCID-umjt-e5n5-tqhu","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36318","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36318"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1804","reference_id":"AVG-1804","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1804"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2020-36318"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umjt-e5n5-tqhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10170?format=json","vulnerability_id":"VCID-vs8k-geyz-dbeb","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/01/1","reference_id":"1","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/11/01/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/02/10","reference_id":"10","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/11/02/10"},{"reference_url":"https://security.gentoo.org/glsa/202210-09","reference_id":"202210-09","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://security.gentoo.org/glsa/202210-09"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/01/4","reference_id":"4","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/11/01/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/01/5","reference_id":"5","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/11/01/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/01/6","reference_id":"6","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/11/01/6"},{"reference_url":"https://www.kb.cert.org/vuls/id/999008","reference_id":"999008","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.kb.cert.org/vuls/id/999008"},{"reference_url":"https://security.archlinux.org/AVG-2506","reference_id":"AVG-2506","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2506"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2RG5YTR6ZZOLUV3EUPZEIJR7XHJLVD/","reference_id":"IH2RG5YTR6ZZOLUV3EUPZEIJR7XHJLVD","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2RG5YTR6ZZOLUV3EUPZEIJR7XHJLVD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQNTFF24ROHLVPLUOEISBN3F7QM27L4U/","reference_id":"LQNTFF24ROHLVPLUOEISBN3F7QM27L4U","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQNTFF24ROHLVPLUOEISBN3F7QM27L4U/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUPA37D57VPTDLSXOOGF4UXUEADOC4PQ/","reference_id":"QUPA37D57VPTDLSXOOGF4UXUEADOC4PQ","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUPA37D57VPTDLSXOOGF4UXUEADOC4PQ/"},{"reference_url":"https://www.starwindsoftware.com/security/sw-20220804-0002/","reference_id":"sw-20220804-0002","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.starwindsoftware.com/security/sw-20220804-0002/"},{"reference_url":"https://www.unicode.org/reports/tr31/","reference_id":"tr31","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.unicode.org/reports/tr31/"},{"reference_url":"https://www.unicode.org/reports/tr36/","reference_id":"tr36","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.unicode.org/reports/tr36/"},{"reference_url":"https://www.unicode.org/reports/tr39/","reference_id":"tr39","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.unicode.org/reports/tr39/"},{"reference_url":"https://www.unicode.org/reports/tr9/tr9-44.html#HL4","reference_id":"tr9-44.html#HL4","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.unicode.org/reports/tr9/tr9-44.html#HL4"},{"reference_url":"https://www.scyon.nl/post/trojans-in-your-source-code","reference_id":"trojans-in-your-source-code","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.scyon.nl/post/trojans-in-your-source-code"},{"reference_url":"https://trojansource.codes","reference_id":"trojansource.codes","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://trojansource.codes"},{"reference_url":"http://www.unicode.org/versions/Unicode14.0.0/","reference_id":"Unicode14.0.0","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.unicode.org/versions/Unicode14.0.0/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103380?format=json","purl":"pkg:deb/debian/rustc@1.57.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.57.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-42574"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vs8k-geyz-dbeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8609?format=json","vulnerability_id":"VCID-weuw-52x6-f3hj","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1801","reference_id":"AVG-1801","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1801"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2020-36323"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-weuw-52x6-f3hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31539?format=json","vulnerability_id":"VCID-y983-dqp2-ekbh","summary":"Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to apply the `cmd.exe` escaping rules, the original fix for the vulnerability checked whether the command name ended with `.bat` or `.cmd`. At the time that seemed enough, as we refuse to invoke batch scripts with no file extension. Windows removes trailing whitespace and periods when parsing file paths. For example, `.bat. .` is interpreted by Windows as `.bat`, but the original fix didn't check for that. Affected users who are using Rust 1.77.2 or greater can remove the trailing whitespace (ASCII 0x20) and trailing periods (ASCII 0x2E) from the batch file name to bypass the incomplete fix and enable the mitigations. Users are affected if their code or one of their dependencies invoke a batch script on Windows with trailing whitespace or trailing periods in the name, and pass untrusted arguments to it. Rust 1.81.0 will update the standard library to apply the CVE-2024-24576 mitigations to all batch files invocations, regardless of the trailing chars in the file name.","references":[{"reference_url":"https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html","reference_id":"cve-2024-24576.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/"}],"url":"https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html"},{"reference_url":"https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters","reference_id":"file-folder-name-whitespace-characters","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/"}],"url":"https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters"},{"reference_url":"https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj","reference_id":"GHSA-2xg3-7mm6-98jj","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/"}],"url":"https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103378?format=json","purl":"pkg:deb/debian/rustc@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-43402"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y983-dqp2-ekbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61773?format=json","vulnerability_id":"VCID-zyqh-u441-v7hm","summary":"Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected.\n\nThe `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument.\n\nOn Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted.\n\nOne exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution.\n\nDue to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process.\n\nThe fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.","references":[{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/09/16","reference_id":"16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/09/16"},{"reference_url":"https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput","reference_id":"enum.ErrorKind.html#variant.InvalidInput","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput"},{"reference_url":"https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh","reference_id":"GHSA-q455-m56c-85mh","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh"},{"reference_url":"https://github.com/rust-lang/rust/issues","reference_id":"issues","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://github.com/rust-lang/rust/issues"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N323QAEEUVTJ354BTVQ7UB6LYXUX2BCL/","reference_id":"N323QAEEUVTJ354BTVQ7UB6LYXUX2BCL","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N323QAEEUVTJ354BTVQ7UB6LYXUX2BCL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPH3PF7DVSS2LVIRLW254VWUPVKJN46P/","reference_id":"RPH3PF7DVSS2LVIRLW254VWUPVKJN46P","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPH3PF7DVSS2LVIRLW254VWUPVKJN46P/"},{"reference_url":"https://www.rust-lang.org/policies/security","reference_id":"security","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://www.rust-lang.org/policies/security"},{"reference_url":"https://doc.rust-lang.org/std/process/struct.Command.html","reference_id":"struct.Command.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://doc.rust-lang.org/std/process/struct.Command.html"},{"reference_url":"https://doc.rust-lang.org/std/process/struct.Command.html#method.arg","reference_id":"struct.Command.html#method.arg","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://doc.rust-lang.org/std/process/struct.Command.html#method.arg"},{"reference_url":"https://doc.rust-lang.org/std/process/struct.Command.html#method.args","reference_id":"struct.Command.html#method.args","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://doc.rust-lang.org/std/process/struct.Command.html#method.args"},{"reference_url":"https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg","reference_id":"trait.CommandExt.html#tymethod.raw_arg","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3/","reference_id":"W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103378?format=json","purl":"pkg:deb/debian/rustc@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-24576"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyqh-u441-v7hm"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"}