nostr:nprofile1qys8wumn8ghj7cmgdae82uewd45kketyd9kxwetj9e3k7mf6xs6rgtcppemhxue69uhkummn9ekx7mp0qqswuyd9ml6qcxd92h6pleptfrcqucvvjy39vg4wx7mv9wm8kakyujgjygks2, https://crates.io/crates/cargo-audit on gossip spits:

error: 1 vulnerability found!

warning: 7 allowed warnings found

FYI


Discussion

Thanks

Interesting. The vulnerability is a TOCTOU one that I have a paper about:

https://www.researchgate.net/publication/2462817_Checking_for_Race_Conditions_in_File_Accesses?_tp=eyJjb250ZXh0Ijp7InBhZ2UiOiJzY2llbnRpZmljQ29udHJpYnV0aW9ucyIsInByZXZpb3VzUGFnZSI6bnVsbH19

But it is in a function that gossip isn't triggering. Gossip uses tempdir 0.3.7 which relies on an old remove_dir_all crate with the bug. But we don't call any remove directory functionality in tempdir, and tempdir hasn't been updated. So we are safe and can't even update right now if we wanted to.

Nostr: where you point out a vulnerability and the recipient has a paper on it. Winning?