Open mend-for-github-com[bot] opened 2 years ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
Vulnerable Library - failure-0.1.8.crate
Experimental error handling abstraction.
Library home page: https://crates.io/api/v1/crates/failure/0.1.8/download
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Found in HEAD commit: 79c87f5e3280775e98dbb5333237c17aad7e2411
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-25575
### Vulnerable Library - failure-0.1.8.crate
Experimental error handling abstraction.
Library home page: https://crates.io/api/v1/crates/failure/0.1.8/download
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
- :x: **failure-0.1.8.crate** (Vulnerable Library)
Found in HEAD commit: 79c87f5e3280775e98dbb5333237c17aad7e2411
Found in base branch: master
### Vulnerability Details
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010.
Publish Date: 2020-09-14
URL: CVE-2020-25575
### Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.70000005%
### CVSS 4 Score Details (9.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
For more information on CVSS4 Scores, click here.
CVE-2019-25010
### Vulnerable Library - failure-0.1.8.crate
Experimental error handling abstraction.
Library home page: https://crates.io/api/v1/crates/failure/0.1.8/download
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
- :x: **failure-0.1.8.crate** (Vulnerable Library)
Found in HEAD commit: 79c87f5e3280775e98dbb5333237c17aad7e2411
Found in base branch: master
### Vulnerability Details
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden. Mend Note: Converted from WS-2019-0506, on 2021-01-19.
Publish Date: 2020-12-31
URL: CVE-2019-25010
### Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.2%
### CVSS 4 Score Details (9.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
For more information on CVSS4 Scores, click here.