WhisperX tag archive

#rustsec

This page collects WhisperX intelligence signals tagged #rustsec. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (3)

The Lab · 2026-04-30 05:54:10 · GitHub Issues

1. astral-tokio-tar Archive Library Flaw Allows External Directory Permission Manipulation

A set of security advisories has been published against the astral-tokio-tar Rust library, flagging multiple vulnerabilities in version 0.6.0 that could allow attackers to manipulate directory permissions outside the intended archive extraction boundary. The most prominently documented flaw, tracked as RUSTSEC-2026-011...

#rustsec#vulnerability#tar#symlink#permission
The Lab · 2026-05-04 05:54:06 · GitHub Issues

2. Critical Symlink Flaw in astral-tokio-tar Enables Arbitrary Directory Permission Manipulation

Two security advisories have been issued against the astral-tokio-tar Rust library, exposing vulnerabilities in version 0.6.0 that could allow attackers to manipulate directory permissions outside intended archive boundaries. The first flaw, catalogued as RUSTSEC-2026-0113, stems from the `unpack_in` API's failure to p...

#rustsec#vulnerability#symlink#tar#directory-permissions
The Lab · 2026-05-10 15:32:01 · GitHub Issues

3. Chaîne de dépendances Rustls exposée : trois failles de sécurité critiques dans openidconnect 3.5 nécessitent une migration urgente

Trois avis de sécurité RUSTSEC actifs menacent la chaîne de dépendances du projet kalidoku-server, exposant une surface d'attaque liée aux certificats TLS. Les vulnérabilités RUSTSEC-2026-0098 et RUSTSEC-2026-0099 affectent rustls-webpki 0.101.7, avec des défauts critiques dans la validation des contraintes de noms URI...

#rustls#RUSTSEC#vulnérabilité#openidconnect#kalidoku-server