New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security | Cargo Audit: watchexec-filterer-globset #1211

Open

Ebert-Hanke opened this issue Aug 15, 2024 · 0 comments

Assignees

Ebert-Hanke commented Aug 15, 2024

Running cargo-audit yields the following two security warnings:

Crate:     gix-fs
Version:   0.8.1
Title:     Traversal outside working tree enables arbitrary code execution
Date:      2024-05-22
ID:        RUSTSEC-2024-0350
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0350
Severity:  8.8 (high)
Solution:  Upgrade to >=0.11.0

Crate:     gix-ref
Version:   0.38.0
Title:     Refs and paths with reserved Windows device names access the devices
Date:      2024-05-22
ID:        RUSTSEC-2024-0351
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0351
Severity:  5.4 (medium)
Solution:  Upgrade to >=0.44.0

Both seem to be dependencies of the used crate watchexec-filterer-globset which is currently used at version 3.0.

If upgrading it to current version of 4.0 is possible, this should fix both security warnings.

The text was updated successfully, but these errors were encountered:

rm-dr self-assigned this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment