All 6 CVE vulnerabilities found in cargo, with AI-generated Chinese analysis, references, and POCs.
Vendor: rust
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-40030 | Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports | CWE-79 | 6.1 | Medium | 2023-08-24 |
| CVE-2023-38497 | Cargo not respecting umask when extracting crate archives | CWE-278 | 7.8 | High | 2023-08-04 |
| CVE-2022-46176 | Cargo did not verify SSH host keys | CWE-347 | 5.3 | Medium | 2023-01-11 |
| CVE-2022-36113 | Extracting malicious crates can corrupt arbitrary files | CWE-22 | 4.6 | Medium | 2022-09-14 |
| CVE-2022-36114 | Extracting malicious crates can fill the file system | CWE-400 | 4.8 | Medium | 2022-09-14 |
| CVE-2019-16760 | Cargo prior to Rust 1.26.0 may download the wrong dependency | CWE-16 | 4.6 | Medium | 2019-09-30 |