
Security advisory for Cargo (CVE-2023-38497) | Rust Blog


The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user.
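A defender-side check for the condition described above, as an added example that is not part of the advisory: it lists, and can repair, files and directories under a given tree that any local user may write to. The function names are hypothetical, and the directory to audit is passed as an argument because the page does not name where extracted crate sources live.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a tree of extracted
# sources for entries that any local user can modify.

# Print regular files and directories under $1 whose "other" write bit
# is set. Symlinks are skipped because their own mode bits are not
# what controls access to the target.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Print how many such entries exist under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Clear the "other" write bit on every entry reported above.
# This repairs permissions only; it cannot tell whether a file's
# contents were already changed, so re-fetching the sources is the
# safer follow-up when anything is reported.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Command-line use: ./audit.sh <directory> [--fix]
if [ "$#" -ge 1 ]; then
    n=$(count_world_writable "$1")
    if [ "$n" -gt 0 ]; then
        echo "$n world-writable entries under $1:" >&2
        list_world_writable "$1"
        if [ "${2:-}" = "--fix" ]; then
            fix_world_writable "$1"
            echo "other-write bit cleared" >&2
        fi
    fi
fi
```
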
