GHSA-f2wx-xjfw-xjv6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f2wx-xjfw-xjv6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-f2wx-xjfw-xjv6/GHSA-f2wx-xjfw-xjv6.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-f2wx-xjfw-xjv6
- Published
- 2023-07-17T18:21:58Z
- Modified
- 2023-07-17T18:21:58Z
- Summary
- topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
- Details
-
Summary
https://github.com/advisories/GHSA-mc8h-8q98-g5hr https://github.com/XAMPPRocky/removedirall/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead
tempfilev0.4.26 ships with affectedremove_dir_allv0.5.3 and so blocks my deployment of v12 to openSUSE distribution because it imposes a cleancargo auditUpdating
tempfileis warranted - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-367" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2023-07-17T18:21:58Z" }- References
-
- https://github.com/topgrade-rs/topgrade/security/advisories/GHSA-f2wx-xjfw-xjv6
- https://github.com/XAMPPRocky/remove_dir_all/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead
- https://github.com/advisories/GHSA-mc8h-8q98-g5hr
- https://github.com/topgrade-rs/topgrade
- https://github.com/topgrade-rs/topgrade/releases/tag/v12.0.0
Affected packages
crates.io / topgrade
Package
- Name
- topgrade
- View open source insights on deps.dev
- Purl
- pkg:cargo/topgrade