topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all

Low severity GitHub Reviewed Published Jul 15, 2023 in topgrade-rs/topgrade • Updated Jul 24, 2023

Package

cargo topgrade (Rust)

Affected versions

<= 12.0.0

Patched versions

12.0.1

Description

Summary

GHSA-mc8h-8q98-g5hr
XAMPPRocky/remove_dir_all@7247a8b

tempfile v0.4.26 ships with the affected remove_dir_all v0.5.3 and so blocks my deployment of v12 to the openSUSE distribution, because it imposes a clean cargo audit.

Updating tempfile is warranted.

References

SteveLauC published to topgrade-rs/topgrade Jul 15, 2023
Published to the GitHub Advisory Database Jul 17, 2023
Reviewed Jul 17, 2023
Last updated Jul 24, 2023

Severity

Low

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-f2wx-xjfw-xjv6

Source code

Credits
