GitHub Actions / Security audit
failed
Jan 6, 2026 in 0s
Security advisories found
1 advisories
Details
Vulnerabilities
RUSTSEC-2025-0140
Non-utf8 String can be created with
TimeBuf::as_str
| Details | |
|---|---|
| Package | gix-date |
| Version | 0.10.2 |
| URL | GitoxideLabs/gitoxide#2305 |
| Date | 2025-12-29 |
| Patched versions | >=0.12.0 |
The function gix_date::parse::TimeBuf::as_str can create an illegal string containing non-utf8 characters. This violates the safety invariant of TimeBuf and can lead to undefined behavior when consuming the string.
The bug can be prevented by adding str::from_utf8 to the function TimeBuf::write.
Loading