Closed mend-bolt-for-github[bot] closed 1 year ago
Don't worry guys, hello-world is written in blazingly fast, configurable, lightweight and secure rust(🚀) - the CVEs are secure
this ^^^^^^^^^^^^
:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
:information_source: This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory.
:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
As 🚀rust🚀 is a 🚀lightweight🚀, 🚀customisable🚀 and 🚀blazingly fast🚀 programming language these vulnerabilities are paid actors, please ignore them, they are just nothing but (🤮C🤮)ringe nonsense, 🚀🚀🚀rust🚀🚀🚀 is the best language ever, no CVE here to be found, all 🚀memory safe🚀, 🚀customisable🚀 and 🚀lightweight🚀 code as there is no 🤮C🤮 in 🚀rust🚀 which stands for 🤮cringe🤮
Shouldn't we move to delete all security issues? They are clogging up my inbox, and taking too much space is antithetical to the ethos of Rust
1 If I write in the languages of men or of angels, but do not have rust, I am only a resounding gong or a clanging cymbal. 2 If I have the gift of writing rust and can write all cat-clones and all ls-clones, and if I have a skill that lets me write functional OS, but do not use rust, I am nothing. 3 If I give all I possess to the people [through open source] and give over my sanity to debugging-nights that I may boast, but do not use rust, I gain nothing.
4 Rust is patient, rust is kind. It does not envy, it does not boast, it is not proud. 5 It does not dishonor others, it is not self-seeking, it is not easily angered, it keeps no record of wrongs. 6 Rust does not delight in evil but rejoices with the memory safety. 7 It always protects, always trusts, always hopes, always perseveres.
8 Rust never fails. But where there are projects, they will cease; where there are tongues, they will be stilled; where there is knowledge, it will pass away. 9 For we know in part and we write in part, 10 but when completeness comes, what is in part disappears. 11 When I was a noobie, I wrote like a noobie, I thought like a noobie, I reasoned like a noobie. When I became a rust dev, I put the ways of noobiness behind me. 12 For now we see only a reflection as in a mirror; then we shall see face to face. Now I know in part; then I shall know fully, even as I am fully known.
13 And now these three remain: rust, c and c++. But the greatest of these is rust.
Shouldn't we move to delete all security issues? They are clogging up my inbox, and taking too much space is antithetical to the ethos of Rust
You can mute GitHub issues, in GitHub settings or in the email itself; your client could also probably ignore them @vikramdurai
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
CVE-2021-38191 - Medium Severity Vulnerability
Vulnerable Library - tokio-0.2.25.crate
An event-driven, non-blocking I/O platform for writing asynchronous I/O backed applications.
Library home page: https://crates.io/api/v1/crates/tokio/0.2.25/download
Dependency Hierarchy:
- webdriver-0.44.0.crate (Root Library)
  - :x: **tokio-0.2.25.crate** (Vulnerable Library)
Found in HEAD commit: a5a175063bd51fcbbce0eaba88d1b9b6ad315911
Found in base branch: master
Vulnerability Details
An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.
Publish Date: 2021-08-08
URL: CVE-2021-38191
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2021-0072.html
Release Date: 2021-08-08
Fix Resolution: tokio - 1.5.1, 1.6.3, 1.7.2, 1.8.1