CVE-2018-20999: Flaw in streaming state in orion

August 25, 2021 (updated June 13, 2023)

Affected versions of this crate did not properly reset a streaming state. Resetting a streaming state, without finalising it first, creates incorrect results. The flaw was corrected by not first checking if the state had already been reset, when calling reset().

References

github.com/advisories/GHSA-gffv-5hr2-f9gj
github.com/brycx/orion
github.com/brycx/orion/issues/46
nvd.nist.gov/vuln/detail/CVE-2018-20999
rustsec.org/advisories/RUSTSEC-2018-0012.html

Detect and mitigate CVE-2018-20999 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →