RUSTSEC-2021-0122: Generated code can read and write out of bounds in safe code
Opened this issue · 0 comments
github-actions commented
Generated code can read and write out of bounds in safe code
| Details | |
|---|---|
| Package | flatbuffers |
| Version | 2.0.0 |
| URL | google/flatbuffers#6627 |
| Date | 2021-10-31 |
Code generated by flatbuffers' compiler is unsafe but not marked as such.
See google/flatbuffers#6627 for details.
All users that use generated code by flatbuffers compiler are recommended to:
- not expose flatbuffer generated code as part of their public APIs
- audit their code and look for any usage of
follow,push, or any method that uses them
(e.g.self_follow). - Carefuly go through the crates' documentation to understand which "safe" APIs are not
intended to be used.
See advisory page for additional details.