CVE-2023-38497: World writable files in crate #36
Description
$ find ~/.cargo/ -perm /002
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/.github/workflows/ci.yml
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/.gitignore
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/CHANGELOG.md
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/CONTRIBUTING.md
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/Cargo.toml.orig
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/LICENSE-APACHE
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/LICENSE-MIT
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/README.md
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/benches/benchmarks.rs
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/src/compiler.rs
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/src/error.rs
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/src/instruction.rs
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/src/lib.rs
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/src/syntax.rs
/home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tinytemplate-1.2.1/src/template.rsThis indicates that this crate has world writable permissions. This has been fixed in cargo (CVE-2023-38497), but that will not help for people using older versions of rust than 1.71.1 (e.g. stuck on old versions provided by their Linux distro, etc).
As such, it would be beneficial to fix this in the package as well.