Open mend-bolt-for-github[bot] opened 2 years ago
CVE-2019-25004 - Critical Severity Vulnerability
FlatBuffers: Memory Efficient Serialization Library
Library home page: https://proxy.golang.org/github.com/google/flatbuffers/@v/v1.12.1.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy:
- github.com/dgraph-io/badger/v3-v3.2103.2 (Root Library)
  - :x: **github.com/google/flatbuffers-v1.12.1** (Vulnerable Library)
Found in HEAD commit: 999f5d255a183e22a067e6411929924a0bacd65f
Found in base branch: main
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness. Mend Note: Converted from WS-2019-0298, on 2021-07-18.
Publish Date: 2020-12-31
URL: CVE-2019-25004
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2019-0028.html
Release Date: 2020-12-31
Fix Resolution: 0.6.1