Security advisory for Cargo (CVE-2023-38497) | Rust Blog
The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user.
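The condition described above can be checked for on disk. The following is an added example, not code from the advisory or from Cargo: a small Rust audit that walks a directory of extracted sources and reports entries whose mode lets any local user write to them, next to a helper showing the mode a umask-respecting extraction would produce. The function names and the directory passed on the command line are assumptions for illustration.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

/// Permission bits a file ends up with when the extractor honors `umask`.
pub fn mode_with_umask(archive_mode: u32, umask: u32) -> u32 {
    archive_mode & !umask & 0o7777
}

/// True when the "other" write bit is set, i.e. any local user can modify it.
pub fn is_world_writable(mode: u32) -> bool {
    mode & 0o002 != 0
}

/// Recursively collect entries under `root` that any local user can write to.
/// Symlinks are skipped rather than followed.
pub fn find_world_writable(root: &Path) -> io::Result<Vec<PathBuf>> {
    let mut hits = Vec::new();
    let mut stack = vec![root.to_path_buf()];
    while let Some(dir) = stack.pop() {
        for entry in fs::read_dir(&dir)? {
            let path = entry?.path();
            let meta = fs::symlink_metadata(&path)?;
            if meta.file_type().is_symlink() {
                continue;
            }
            if is_world_writable(meta.permissions().mode()) {
                hits.push(path.clone());
            }
            if meta.is_dir() {
                stack.push(path);
            }
        }
    }
    hits.sort();
    Ok(hits)
}

fn main() -> io::Result<()> {
    // Assumption: the caller passes the directory that holds extracted crate
    // sources on their system; defaults to the current directory.
    let root = std::env::args().nth(1).unwrap_or_else(|| ".".into());
    for path in find_world_writable(Path::new(&root))? {
        println!("world-writable: {}", path.display());
    }
    Ok(())
}
```

With a typical umask of `0o022`, an archive entry stored as `0o666` would be extracted as `0o644`, so a hit from this audit marks a file that was created without the umask applied.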