CVE-2018-1000622
published 2018-07-09
high 7.8 CVSS 3.0
AV:L AC:L PR:N UI:R S:U C:H I:H A:H
The Rust Programming Language rustdoc, versions between 0.8 and 1.27.0, contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable by using the `--plugin` flag without the `--plugin-path` flag. This vulnerability appears to have been fixed in 1.27.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rustc | < rustc 1.27.1+dfsg1-1~exp1 (bookworm) | rustc 1.27.1+dfsg1-1~exp1 (bookworm) |
| rust-lang | rust | 0.8 – 1.27.0 | — |
CVSS provenance
nvd v3.0 7.8 HIGH CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv 7.8 HIGH