mTvare6 / hello-world.rs

🚀Memory safe, blazing fast, configurable, minimal hello world written in rust(🚀) in a few lines of code with few(1092🚀) dependencies🚀

CVE-2021-38191 (Medium) detected in tokio-0.2.25.crate - autoclosed #165

Closed mend-bolt-for-github[bot] closed 1 year ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2021-38191 - Medium Severity Vulnerability

Vulnerable Library - tokio-0.2.25.crate

An event-driven, non-blocking I/O platform for writing asynchronous I/O backed applications.

Library home page: https://crates.io/api/v1/crates/tokio/0.2.25/download

Dependency Hierarchy:
- webdriver-0.44.0.crate (Root Library)
  - :x: **tokio-0.2.25.crate** (Vulnerable Library)

Found in HEAD commit: a5a175063bd51fcbbce0eaba88d1b9b6ad315911

Found in base branch: master

Vulnerability Details

An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.

Publish Date: 2021-08-08

URL: CVE-2021-38191

CVSS 3 Score Details (5.9)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://rustsec.org/advisories/RUSTSEC-2021-0072.html

Release Date: 2021-08-08

Fix Resolution: tokio - 1.5.1, 1.6.3, 1.7.2, 1.8.1



TruncatedDinoSour commented 3 years ago

Don't worry guys, hello-world is written in blazingly fast, configurable, lightweight and secure rust(🚀) - the CVEs are secure

mTvare6 commented 3 years ago

this ^^^^^^^^^^^^

mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

mend-bolt-for-github[bot] commented 2 years ago

:information_source: This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory.

mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

mend-bolt-for-github[bot] commented 2 years ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

TruncatedDinoSour commented 2 years ago

As 🚀rust🚀 is a 🚀lightweight🚀, 🚀customisable🚀 and 🚀blazingly fast🚀 programming language these vulnerabilities are paid actors, please ignore them, they are just nothing but (🤮C🤮)ringe nonsense, 🚀🚀🚀rust🚀🚀🚀 is the best language ever, no CVE here to be found, all 🚀memory safe🚀, 🚀customisable🚀 and 🚀lightweight🚀 code as there is no 🤮C🤮 in 🚀rust🚀 which stands for 🤮cringe🤮

vikramdurai commented 2 years ago

Shouldn't we move to delete all security issues? They are clogging up my inbox, and taking too much space is antithetical to the ethos of Rust

mTvare6 commented 2 years ago

For what is rust? If no one asks me, I know. If I want to explain to asker, I don't know

Quid est enim, ferrugo? Si nemo ex me quaerat, scio. Si quaerenti explicare velim, nescio

mTvare6 commented 2 years ago

1 If I write in the languages of men or of angels, but do not have rust, I am only a resounding gong or a clanging cymbal. 2 If I have the gift of writing rust and can write all cat-clones and all ls-clones, and if I have a skill that lets me write functional OS, but do not use rust, I am nothing. 3 If I give all I possess to the people [through open source] and give over my sanity to debugging-nights that I may boast, but do not use rust, I gain nothing.

4 Rust is patient, rust is kind. It does not envy, it does not boast, it is not proud. 5 It does not dishonor others, it is not self-seeking, it is not easily angered, it keeps no record of wrongs. 6 Rust does not delight in evil but rejoices with the memory safety. 7 It always protects, always trusts, always hopes, always perseveres.

8 Rust never fails. But where there are projects, they will cease; where there are tongues, they will be stilled; where there is knowledge, it will pass away. 9 For we know in part and we write in part, 10 but when completeness comes, what is in part disappears. 11 When I was a noobie, I wrote like a noobie, I thought like a noobie, I reasoned like a noobie. When I became a rust dev, I put the ways of noobiness behind me. 12 For now we see only a reflection as in a mirror; then we shall see face to face. Now I know in part; then I shall know fully, even as I am fully known.

13 And now these three remain: rust, c and c++. But the greatest of these is rust.

TruncatedDinoSour commented 2 years ago

> Shouldn't we move to delete all security issues? They are clogging up my inbox, and taking too much space is antithetical to the ethos of Rust

You can mute github issues, in github settings or in the email itself, your client could so probably ignore them @vikramdurai

mend-bolt-for-github[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.