New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LRU v0.6.6 Security Advisory #749

Closed

ChosunOne opened this issue Jan 7, 2022 · 0 comments · Fixed by #751

ChosunOne commented Jan 7, 2022

In the rust package, lru version 0.6.6 has a security vulnerability.
See crate issue

= ID: RUSTSEC-2021-0130
= Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0130
= Lru crate has use after free vulnerability.

 Lru crate has two functions for getting an iterator. Both iterators give
 references to key and value. Calling specific functions, like pop(), will remove
 and free the value, and but it's still possible to access the reference of value
 which is already dropped causing use after free.

Resolution is to upgrade to version >= 0.7.1

The text was updated successfully, but these errors were encountered:

nazar-pc mentioned this issue

Update lru dependency to fix security vulnerability #751

Merged

nazar-pc closed this as completed in #751

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment