Google Git
Sign in
android / toolchain / cargo-deny / HEAD / . / tests / snapshots / advisories__downgrades_lint_levels.snap
blob: 54c5694ab4378b20a85a6db8d8900d92cc770b9b [file] [log] [blame]
---
source: tests/advisories.rs
expression: downgraded
---
[
{
"fields": {
"advisory": {
"aliases": [],
"categories": [],
"collection": "crates",
"cvss": null,
"date": "2016-09-10",
"description": "The `libusb` crate has not seen a release since September 2016, and its author\nis unresponsive.\n\nThe `rusb` crate is a maintained fork:\n\nhttps://github.com/a1ien/rusb",
"id": "RUSTSEC-2016-0004",
"informational": "unmaintained",
"keywords": [],
"license": "CC0-1.0",
"package": "libusb",
"references": [],
"related": [],
"source": null,
"title": "libusb is unmaintained; use rusb instead",
"url": "https://github.com/dcuddeback/libusb-rs/issues/33",
"withdrawn": null
},
"code": "unmaintained",
"graphs": [
{
"Krate": {
"name": "libusb",
"version": "0.3.0"
},
"parents": [
{
"Krate": {
"name": "advisories",
"version": "0.1.0"
}
}
]
}
],
"labels": [
{
"column": 1,
"line": 67,
"message": "unmaintained advisory detected",
"span": "libusb 0.3.0 registry+https://github.com/rust-lang/crates.io-index"
}
],
"message": "libusb is unmaintained; use rusb instead",
"notes": [
"ID: RUSTSEC-2016-0004",
"Advisory: https://rustsec.org/advisories/RUSTSEC-2016-0004",
"The `libusb` crate has not seen a release since September 2016, and its author\nis unresponsive.\n\nThe `rusb` crate is a maintained fork:\n\nhttps://github.com/a1ien/rusb",
"Announcement: https://github.com/dcuddeback/libusb-rs/issues/33",
"Solution: No safe upgrade is available!"
],
"severity": "note"
},
"type": "diagnostic"
},
{
"fields": {
"advisory": {
"aliases": [
"CVE-2019-15542",
"GHSA-5hp8-35wj-m525"
],
"categories": [],
"collection": "crates",
"cvss": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"date": "2019-04-27",
"description": "Affected versions of this crate did use recursion for serialization of HTML\nDOM trees.\n\nThis allows an attacker to cause abort due to stack overflow by providing\na pathologically nested input.\n\nThe flaw was corrected by serializing the DOM tree iteratively instead.",
"id": "RUSTSEC-2019-0001",
"informational": null,
"keywords": [
"stack-overflow",
"crash"
],
"license": "CC0-1.0",
"package": "ammonia",
"references": [],
"related": [],
"source": null,
"title": "Uncontrolled recursion leads to abort in HTML serialization",
"url": "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210",
"withdrawn": null
},
"code": "vulnerability",
"graphs": [
{
"Krate": {
"name": "ammonia",
"version": "0.7.0"
},
"parents": [
{
"Krate": {
"name": "advisories",
"version": "0.1.0"
}
}
]
}
],
"labels": [
{
"column": 1,
"line": 4,
"message": "security vulnerability detected",
"span": "ammonia 0.7.0 registry+https://github.com/rust-lang/crates.io-index"
}
],
"message": "Uncontrolled recursion leads to abort in HTML serialization",
"notes": [
"ID: RUSTSEC-2019-0001",
"Advisory: https://rustsec.org/advisories/RUSTSEC-2019-0001",
"Affected versions of this crate did use recursion for serialization of HTML\nDOM trees.\n\nThis allows an attacker to cause abort due to stack overflow by providing\na pathologically nested input.\n\nThe flaw was corrected by serializing the DOM tree iteratively instead.",
"Announcement: https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210",
"Solution: Upgrade to >=2.1.0 (try `cargo update -p ammonia`)"
],
"severity": "note"
},
"type": "diagnostic"
}
]