N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-f2wx-xjfw-xjv6

GHSA-f2wx-xjfw-xjv6: topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all

Summary

https://github.com/advisories/GHSA-mc8h-8q98-g5hr https://github.com/XAMPPRocky/remove_dir_all/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead

tempfile v0.4.26 ships with affected remove_dir_all v0.5.3 and so blocks my deployment of v12 to openSUSE distribution because it imposes a clean cargo audit

Updating tempfile is warranted

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-f2wx-xjfw-xjv6

GHSA-f2wx-xjfw-xjv6:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
topgrade	rust	<= 12.0.0	12.0.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from path-based directory operations that didn't maintain consistent file handles. The commit patching this (7247a8b) introduced handle-relative operations through a new RemoveDir trait and fs_at crate integration. The vulnerable functions: 1) remove_dir_all_path - directly used path-based deletion without handle consistency 2) _remove_dir_contents_path - performed recursive deletion using path checks vulnerable to symlink swaps. Both were replaced in the patch with handle-based operations using open_dir_at and file descriptor-relative paths to prevent TOCTOU races.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-f2wx-xjfw-xjv6: topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all

Summary

GHSA-f2wx-xjfw-xjv6:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

N/A

N/A

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

GHSA-f2wx-xjfw-xjv6: topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all

Summary

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI