GHSA-wq9x-qwcq-mmgf: Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year’s DEF CON was brought to our attention on the Diesel Gitter Channel:
References
- github.com/advisories/GHSA-wq9x-qwcq-mmgf
- github.com/diesel-rs/diesel
- github.com/diesel-rs/diesel/blob/ae82c4a5a133db65612b7436356f549bfecda1c7/diesel/src/pg/connection/stmt/mod.rs
- github.com/diesel-rs/diesel/commit/9eccd7d6d705ac53618bfd478152e32ec3b4536c
- github.com/diesel-rs/diesel/pull/4170
- rustsec.org/advisories/RUSTSEC-2024-0365.html