pkg:crates.io/cargo

所有已知漏洞

• HIGH7.9CVE-2023-38497Cargo not respecting umask when extracting crate archives
  from 0, < 0.72.2
• HIGH7.5CVE-2019-16760Cargo prior to Rust 1.26.0 may download the wrong dependency
  from 0, < 0.27.0
• MEDIUM6.1CVE-2023-40030Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
  >= 1.60.0, < 1.72
• MEDIUM5.3CVE-2022-46176Cargo did not verify SSH host keys
  from 0, < 0.67.1
• MEDIUM4.2CVE-2022-36114Cargo extracting malicious crates can fill the file system
  from 0, < 0.65.0
• LOW3.9CVE-2022-36113Cargo extracting malicious crates can corrupt arbitrary files
  from 0, < 0.65.0