#advisory #security #vulnerabilities #rustsec #api-bindings

Yanked rustsec-advisory-db

Advisory database for security vulnerabilities in Rust crates published via crates.io

Uses old Rust 2015

0.0.0 Feb 26, 2017

#6 in #rustsec

3KB

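RustSec Advisory Database

The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via https://crates.io.

Advisory metadata is stored in TOML format for consumption by cargo-audit and other automated tools.

Format

Each advisory contains information in TOML format: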

[advisory]
crate_name = "vulnerablecrate"

# Versions which were never vulnerable
unaffected_versions = ["< 1.1.0"]

# Versions which include fixes for this vulnerability
patched_versions = [">= 1.2.0"]

# It is strongly recommended to request a CVE, or alternatively a DWF, and
# reference the assigned number here.
# - CVE: https://iwantacve.org/
# - DWF: https://distributedweaknessfiling.org/
dwf = []
# dwf = ["CVE-YYYY-XXXX"]
# dwf = ["CVE-YYYY-XXXX", "CVE-ZZZZ-WWWW"]

# URL to a long-form description of this issue, e.g. a blogpost announcing
# the release or a changelog entry (optional)
url = false

# Single-line description of a vulnerability
title = "Flaw in X allows Y"

# Disclosure date of the advisory (RFC 3339)
date = "2017-02-25"

# Enter a short-form description of the vulnerability here (required)
description = """
Affected versions of this crate did not properly X.

This allows an attacker to Y.
 
The flaw was corrected by Z.
"""

License

All content in this repository is placed in the public domain.

Public Domain

Dependencies

~8–16MB
~240K SLoC