GHSA-3jch-9qgp-4844: Generated code can read and write out of bounds in safe code
Code generated by flatbuffers’ compiler is unsafe
but not marked as such.
See https://github.com/google/flatbuffers/issues/6627 for details.
All users that use generated code by flatbuffers
compiler are recommended to:
- not expose flatbuffer generated code as part of their public APIs
- audit their code and look for any usage of
follow
,push
, or any method that uses them (e.g.self_follow
). - Carefuly go through the crates’ documentation to understand which “safe” APIs are not intended to be used.
References
Detect and mitigate GHSA-3jch-9qgp-4844 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →