refactor(bindings/bench): make harness own IO (#4847) #1
GitHub Actions / Security audit
failed
Dec 17, 2024 in 0s
Security advisories found
1 advisories
Details
Vulnerabilities
RUSTSEC-2024-0402
Borsh serialization of HashMap is non-canonical
| Details | |
|---|---|
| Package | hashbrown |
| Version | 0.15.0 |
| URL | rust-lang/hashbrown#576 |
| Date | 2024-10-11 |
| Patched versions | >=0.15.1 |
| Unaffected versions | <0.15.0 |
The borsh serialization of the HashMap did not follow the borsh specification.
It potentially produced non-canonical encodings dependent on insertion order.
It also did not perform canonicty checks on decoding.
This can result in consensus splits and cause equivalent objects to be
considered distinct.
This was patched in 0.15.1.
Loading