Closed mend-bolt-for-github[bot] closed 2 years ago
:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #657
:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #657
CVE-2019-25004 - High Severity Vulnerability
Vulnerable Library - github.com/google/flatbuffers-v1.11.0
FlatBuffers: Memory Efficient Serialization Library
Dependency Hierarchy: - github.com/grafana/grafana-plugin-sdk-go-v0.19.0 (Root Library) - github.com/apache/arrow-apache-arrow-0.15.1 - :x: **github.com/google/flatbuffers-v1.11.0** (Vulnerable Library)
Found in HEAD commit: 3b956fc649fb80f3c2734d2976b6fce921c134b7
Found in base branch: datasource-meta
Vulnerability Details
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.
Publish Date: 2020-12-31
URL: CVE-2019-25004
CVSS 3 Score Details (9.8)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2019-0028.html
Release Date: 2020-12-31
Fix Resolution: 0.6.1
Step up your Open Source Security Game with WhiteSource here