rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,652 Commits 21 Branches 0 Tags
main
Commit Graph

4 Commits

Author SHA1 Message Date
Alexis Mousset
84c633df9c Update aliases from GHSA OSV export (#1693) 2023-06-13 15:10:24 +02:00
Alexis Mousset
8c05fea5fa Add cvss information from nvd (#1085) 2021-10-19 16:14:35 -06:00
github-actions[bot]
0d2022a191 Assigned RUSTSEC-2021-0071 to grep-cli (#940) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-06-15 00:43:22 +02:00
Andrew Gallant
ec6dbf077c crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939) 
* crates/grep-cli: add advisory for arbitrary binary execution on Windows

Ref https://github.com/BurntSushi/ripgrep/issues/1773

* drop commented out field

* crates/grep-cli: add more details about mitigation

Instead of dancing around it, we just say it: the main issue is that
std::process::Command will resolve relative binary names with respect to
the CWD first, because it just uses the Windows API for this.

More specifically, we call out the two particular mitigations that are
now in place.

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2021-06-15 00:42:25 +02:00