CVE-2021-45702: Use After Free in tremor-script
(updated )
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free.
References
- github.com/advisories/GHSA-9qvw-46gf-4fv8
- github.com/tremor-rs/tremor-runtime/commit/1a2efcdbe68e5e7fd0a05836ac32d2cde78a0b2e
- github.com/tremor-rs/tremor-runtime/pull/1217
- nvd.nist.gov/vuln/detail/CVE-2021-45702
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/tremor-script/RUSTSEC-2021-0111.md
- rustsec.org/advisories/RUSTSEC-2021-0111.html
Detect and mitigate CVE-2021-45702 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →