WS-2023-0045 #2930

chkeita · 2023-03-20T16:06:50Z

The remove_dir_all crate is a Rust library that offers additional features over the Rust standard library fs::remove_dir_all function. It suffers the same class of failure as the code it was layering over: TOCTOU race conditions, with the ability to cause arbitrary paths to be deleted by substituting a symlink for a path after the type of the path was checked.

AB#45317

chkeita added the bug Something isn't working label Mar 20, 2023

chkeita self-assigned this Mar 20, 2023

microsoft-github-policy-service bot added the Needs: triage label Mar 20, 2023

chkeita removed the Needs: triage label Mar 20, 2023

chkeita mentioned this issue Mar 20, 2023

Fix WS-2023-0045 #2931

Merged

chkeita closed this as completed in #2931 Mar 23, 2023

chkeita mentioned this issue Apr 3, 2023

Fix WS-2023-0045 and CVE-2023-0286 #2957

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2023-0045 #2930

WS-2023-0045 #2930

chkeita commented Mar 20, 2023 •

edited by azure-boards bot

Loading

WS-2023-0045 #2930

WS-2023-0045 #2930

Comments

chkeita commented Mar 20, 2023 • edited by azure-boards bot Loading

chkeita commented Mar 20, 2023 •

edited by azure-boards bot

Loading