Home > Vulnerability Database > WS-2021-0417

Mend.io Vulnerability Database

WS-2021-0417

Good to know:

Date: November 3, 2024

Code generated by flatbuffers' compiler is unsafe but not marked as such. No patch is known for the issue. All users that use generated code by flatbuffers compiler are recommended to: 1. not expose flatbuffer generated code as part of their public APIs 2. audit their code and look for any usage of follow, push, or any method that uses them (e.g. self_follow). 3. Carefuly go through the crates' documentation to understand which "safe" APIs are not intended to be used.

Language: RUST

Severity Score

7.7

Related Resources (4)

Url: https://github.com/google/flatbuffers/issues/6627

Url: https://crates.io/crates/flatbuffers

Url: https://rustsec.org/advisories/RUSTSEC-2021-0122.html

Url: https://www.mend.io/vulnerability-database/WS-2021-0417

Severity Score

7.7

Weakness Type (CWE)

Code

CWE-17

Top Fix

Upgrade Version

Upgrade to version flatbuffers - 22.9.29

Learn More

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2021-0417

Good to know:

Date: November 3, 2024

Language: RUST

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?