RUSTSEC-2021-0122: Generated code can read and write out of bounds in safe code
Opened this issue · 0 comments
github-actions commented
Generated code can read and write out of bounds in safe code
Details | |
---|---|
Package | flatbuffers |
Version | 2.0.0 |
URL | google/flatbuffers#6627 |
Date | 2021-10-31 |
Code generated by flatbuffers' compiler is unsafe
but not marked as such.
See google/flatbuffers#6627 for details.
All users that use generated code by flatbuffers
compiler are recommended to:
- not expose flatbuffer generated code as part of their public APIs
- audit their code and look for any usage of
follow
,push
, or any method that uses them
(e.g.self_follow
). - Carefuly go through the crates' documentation to understand which "safe" APIs are not
intended to be used.
See advisory page for additional details.