Add advisory for branca (#497)

2026-01-03 01:56:41 +01:00 · 2020-11-29 15:51:25 +01:00
parent 6e4b3d1415
commit 19e7661dae
1 changed files with 23 additions and 0 deletions
--- a/crates/branca/RUSTSEC-0000-0000.md
+++ b/crates/branca/RUSTSEC-0000-0000.md
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "branca"
+date = "2020-11-29"
+url = "https://github.com/return/branca/issues/24"
+categories = ["denial-of-service"]
+keywords = ["decoding", "panic", "untrusted data"]
+
+[affected.functions]
+"branca::decode" = ["< 0.10.0"]
+"branca::Branca::decode" = ["< 0.10.0"]
+
+[versions]
+patched = [">= 0.10.0"]
+```
+
+# Unexpected panic when decoding tokens
+
+Prior to `0.10.0` it was possible to have both decoding functions panic unexpectedly,
+by supplying tokens with an incorrect base62 encoding.
+
+The documentation stated that an error should have been reported instead.