Search CVE reports


Toggle filters

1 – 2 of 2 results


CVE-2023-38497

Medium priority

Some fixes available 6 of 11

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If...

3 affected packages

cargo, rust-cargo, rustc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cargo Not in release Fixed Fixed Fixed Fixed
rust-cargo Vulnerable Fixed Not in release Ignored Ignored
rustc Fixed Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-46176

Medium priority

Some fixes available 4 of 8

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to...

2 affected packages

cargo, rust-cargo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cargo Not in release Fixed Fixed Vulnerable Vulnerable
rust-cargo Not affected Vulnerable Not in release Not in release Ignored
Show less packages