CVE-2022-45299: webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL

January 13, 2023 (updated January 23, 2023)

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.

References

github.com/advisories/GHSA-m589-mv4q-p7rj
github.com/amodm/webbrowser-rs
github.com/amodm/webbrowser-rs/commit/431b5139e274b7e456bea27e768aaa121b97be4c
github.com/amodm/webbrowser-rs/releases/tag/v0.8.3
github.com/offalltn/CVE-2022-45299
nvd.nist.gov/vuln/detail/CVE-2022-45299

Code Behaviors & Features

Detect and mitigate CVE-2022-45299 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →