RUSTSEC-2020-0038
on 2020-09-03: Memory safety issues in
compact::Vec
This crate has no reviews yet. To add a review, set up your cargo-crev.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.
To review the actual code of the crate, it's best to use cargo crev open ordnung. Alternatively, you can download the tarball of ordnung v0.0.1 or view the source online.
compact::Veccontains multiple memory safety issues.remove()is not panic-safe and causes double-free when an index larger than the length is provided.CVE-2020-35890
CVE-2020-35891
GHSA-4wj3-p7hj-cvx8
GHSA-qrwc-jxf5-g8x6