Giter VIP home page Giter VIP logo

rust-learnopengl's Introduction

rust-learnopengl's People

Contributors

aljen avatar dependabot[bot] avatar mend-bolt-for-github[bot] avatar

Watchers

avatar avatar

rust-learnopengl's Issues

CVE-2021-27378 (High) detected in rand_core-0.5.1.crate - autoclosed

CVE-2021-27378 - High Severity Vulnerability

Vulnerable Library - rand_core-0.5.1.crate

Core random number generator traits and tools for implementation.

Library home page: https://crates.io/api/v1/crates/rand_core/0.5.1/download

Dependency Hierarchy:

  • nalgebra-glm-0.10.0.crate (Root Library)
    • nalgebra-0.24.1.crate
      • rand-0.7.3.crate
        • rand_chacha-0.2.2.crate
          • โŒ rand_core-0.5.1.crate (Vulnerable Library)

Found in HEAD commit: cd84272f4b1d18e7e7711bae702cd39aba853d22

Found in base branch: master

Vulnerability Details

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.

Publish Date: 2021-02-18

URL: CVE-2021-27378

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://rustsec.org/advisories/RUSTSEC-2021-0023.html

Release Date: 2021-02-18

Fix Resolution: rand_core - 0.6.2

Step up your Open Source Security Game with WhiteSource here

WS-2021-0149 (Medium) detected in nalgebra-0.27.0.crate - autoclosed

WS-2021-0149 - Medium Severity Vulnerability

Vulnerable Library - nalgebra-0.27.0.crate

General-purpose linear algebra library with transformations and statically-sized or dynamically-sized matrices.

Library home page: https://crates.io/api/v1/crates/nalgebra/0.27.0/download

Dependency Hierarchy:

  • nalgebra-glm-0.13.0.crate (Root Library)
    • โŒ nalgebra-0.27.0.crate (Vulnerable Library)

Found in base branch: master

Vulnerability Details

VecStorage Deserialize allows violation of length invariant in nalgebra before 0.27.1.

Publish Date: 2021-06-06

URL: WS-2021-0149

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://rustsec.org/advisories/RUSTSEC-2021-0070.html

Release Date: 2021-06-06

Fix Resolution: nalgebra - 0.27.1

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.