GHSA-c9rv-3jmq-527w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c9rv-3jmq-527w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-c9rv-3jmq-527w/GHSA-c9rv-3jmq-527w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-c9rv-3jmq-527w
- Aliases
- Published
- 2021-08-25T20:49:50Z
- Modified
- 2023-11-08T04:03:39.346637Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Unexpected panic when decoding tokens in branca
- Details
-
Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding. The documentation stated that an error should have been reported instead.
- Database specific
{ "nvd_published_at": "2020-12-31T09:15:00Z", "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-08-19T20:50:27Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-35918
- https://github.com/return/branca/issues/24
- https://github.com/tuupola/branca-spec/issues/22
- https://github.com/return/branca/commit/7da3274bd99b05dce9c3f9b4b129d0145c71820b
- https://github.com/return/branca
- https://rustsec.org/advisories/RUSTSEC-2020-0075.html
Affected packages
crates.io / branca
Package
- Name
- branca
- View open source insights on deps.dev
- Purl
- pkg:cargo/branca