topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all

Low severity GitHub Reviewed Published Jul 15, 2023 in topgrade-rs/topgrade • Updated Jul 24, 2023

Package

cargo topgrade (Rust)

Affected versions

<= 12.0.0

Patched versions

12.0.1

Description

Summary

GHSA-mc8h-8q98-g5hr
XAMPPRocky/remove_dir_all@7247a8b

tempfile v0.4.26 ships with affected remove_dir_all v0.5.3 and so blocks my deployment of v12 to openSUSE distribution because it imposes a clean cargo audit.

Updating tempfile is warranted.

References

@SteveLauC published to topgrade-rs/topgrade Jul 15, 2023
Published to the GitHub Advisory Database Jul 17, 2023
Reviewed Jul 17, 2023
Last updated Jul 24, 2023

Severity

Low

Weaknesses

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

CVE ID

No known CVE

GHSA ID

GHSA-f2wx-xjfw-xjv6
