
Vulnerability_id VCID-fjxf-bvwv-1qet
Summary
Unsoundness in anstream
When given the valid UTF-8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs mis-segments the input. The UTF-8 bytes are \xc3\xb6, then \x1b, then \xf0\x9f\x98\x80.

When looping over "non-printable bytes", \x1b\xf0 is treated as a non-printable sequence, which cuts the four-byte emoji in half.

The incorrectly segmented bytes are then turned into a str via str::from_utf8_unchecked, producing a broken str, which must never happen.

Full credit goes to @Ralith who reviewed this code and asked @burakemir to follow up.
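As an added illustration (not anstream's own code), the byte-oriented pattern the advisory describes is modelled beside a char-oriented strip that cannot split a code point; the "ESC plus one following byte" escape rule is an assumption made for the illustration, not anstream's actual parser.

```rust
// Added example, not anstream's code. Models the bug class described above:
// a byte-level scanner that treats ESC plus the next byte as one escape
// sequence can cut a multi-byte UTF-8 character in half, and rebuilding a
// str from those bytes with from_utf8_unchecked would be undefined behaviour.
// The "ESC + one byte" rule is a simplification chosen for the illustration.
use std::str::Utf8Error;

/// Byte-oriented strip (the unsound pattern). Returns Err when the kept
/// bytes are no longer valid UTF-8; that Err is exactly the case where an
/// unchecked conversion would hand out a broken &str.
fn strip_naive_bytes(s: &str) -> Result<String, Utf8Error> {
    let bytes = s.as_bytes();
    let mut kept = Vec::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        if bytes[i] == 0x1b {
            i += 2; // skip ESC and whatever byte follows, even a UTF-8 lead byte
            continue;
        }
        kept.push(bytes[i]);
        i += 1;
    }
    std::str::from_utf8(&kept).map(|v| v.to_string())
}

/// Char-oriented strip: walks code points, so 'ö' or '😀' can never be
/// split. Only an ASCII char directly after ESC is treated as part of the
/// escape; a non-ASCII char is real text and is kept.
fn strip_safe(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    let mut chars = s.chars().peekable();
    while let Some(c) = chars.next() {
        if c == '\x1b' {
            if chars.peek().map_or(false, |n| n.is_ascii()) {
                chars.next();
            }
            continue;
        }
        out.push(c);
    }
    out
}

fn main() {
    let s = "ö\x1b😀"; // bytes: c3 b6 | 1b | f0 9f 98 80
    // Byte index 4 (just after ESC + 0xf0) lies inside the emoji.
    println!("index 4 is a char boundary: {}", s.is_char_boundary(4));
    println!("naive: {:?}", strip_naive_bytes(s));
    println!("safe:  {:?}", strip_safe(s));
}
```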
Aliases
0
alias GHSA-2rxc-gjrp-vjhx
Fixed_packages
0
url pkg:cargo/anstream@0.6.8
purl pkg:cargo/anstream@0.6.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/anstream@0.6.8
Affected_packages
References
0
reference_url https://github.com/rust-cli/anstyle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rust-cli/anstyle
1
reference_url https://github.com/rust-cli/anstyle/issues/156
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rust-cli/anstyle/issues/156
2
reference_url https://rustsec.org/advisories/RUSTSEC-2024-0404.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2024-0404.html
3
reference_url https://github.com/advisories/GHSA-2rxc-gjrp-vjhx
reference_id GHSA-2rxc-gjrp-vjhx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rxc-gjrp-vjhx
Weaknesses
Exploits
Severity_range_score 4.0 - 6.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fjxf-bvwv-1qet