VDB
CVE-2018-1000622
CVE-2018-1000622
PUBLISHED
Reported by mitre · Published July 9, 2018
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a |
Timeline
- Jul 5, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- GLSA-201812-11 vendor-advisoryx_refsource_GENTOO
- x_refsource_CONFIRM
- openSUSE-SU-2019:2203 vendor-advisoryx_refsource_SUSE
- openSUSE-SU-2019:2244 vendor-advisoryx_refsource_SUSE
- openSUSE-SU-2019:2294 vendor-advisoryx_refsource_SUSE