GHSA-255r-3prx-mf99: `rmp-serde` `Raw` and `RawRef` may crash when receiving invalid UTF-8

March 22, 2023

It was found that Raw::from_utf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash.

References

github.com/3Hren/msgpack-rust
github.com/3Hren/msgpack-rust/issues/305
github.com/advisories/GHSA-255r-3prx-mf99
rustsec.org/advisories/RUSTSEC-2022-0092.html

Code Behaviors & Features

Detect and mitigate GHSA-255r-3prx-mf99 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →