
Commit f41ba35

Move new vulnerability to vulnerabilities/AIKIDO-2025-10425.json and reset new.json template
1 parent 9fdcc2b commit f41ba35


2 files changed

+38
-21
lines changed


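--- a/input/new.json
+++ b/input/new.json
@@ -1,24 +1,15 @@
 {
-"package_name": "sonic-rs",
-"patch_versions": [
-"0.5.2"
-],
-"vulnerable_ranges": [
-[
-"0.3.0",
-"0.5.1"
-]
-],
-"cwe": [
-"CWE-416"
-],
-"tldr": "Affected versions of this package have a Use-After-Free vulnerability in the `into_object_iter` function. If the `ObjectJsonIter` is dropped prematurely, borrowed keys become dangling pointers to freed memory. Accessing these keys can result in undefined behavior, including segmentation faults or data leaks. An attacker can exploit this by using crafted JSON input to retain keys after the iterator is destroyed, potentially causing crashes or enabling remote code execution.",
-"doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
-"how_to_fix": "Upgrade the `sonic-rs` library to the patch version.",
-"vulnerable_to": "Use After Free",
+"package_name": "",
+"patch_versions": [],
+"vulnerable_ranges": [],
+"cwe": [],
+"tldr": "",
+"doest_this_affect_me": "",
+"how_to_fix": "",
+"vulnerable_to": "",
 "related_cve_id": "",
-"language": "RUST",
-"severity_class": "HIGH",
-"aikido_score": 72,
-"changelog": "https://github.com/cloudwego/sonic-rs/releases/tag/0.5.2"
+"language": "",
+"severity_class": "",
+"aikido_score": 0,
+"changelog": ""
 }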
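Review bot: The reset template (new-side lines 2–14) has no `last_modified` or `published` keys, while the record this commit moves into vulnerabilities/AIKIDO-2025-10425.json carries both (its lines 24–25), so the next advisory drafted from this template will lack them unless someone remembers to add them by hand; the template should end with `"changelog": "",`, `"last_modified": "",`, `"published": ""`. The key `doest_this_affect_me` (new-side line 7) reads as a typo for `does_this_affect_me`; it is carried over unchanged and is presumably what the ingesting tool matches on, so renaming it would have to be done in every record and the consumer at once and is better tracked as a follow-up than fixed in this template alone.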
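--- a/vulnerabilities/AIKIDO-2025-10425.json
+++ b/vulnerabilities/AIKIDO-2025-10425.json
@@ -0,0 +1,26 @@
+{
+"package_name": "sonic-rs",
+"patch_versions": [
+"0.5.2"
+],
+"vulnerable_ranges": [
+[
+"0.3.0",
+"0.5.1"
+]
+],
+"cwe": [
+"CWE-416"
+],
+"tldr": "Affected versions of this package have a Use-After-Free vulnerability in the `into_object_iter` function. If the `ObjectJsonIter` is dropped prematurely, borrowed keys become dangling pointers to freed memory. Accessing these keys can result in undefined behavior, including segmentation faults or data leaks. An attacker can exploit this by using crafted JSON input to retain keys after the iterator is destroyed, potentially causing crashes or enabling remote code execution.",
+"doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+"how_to_fix": "Upgrade the `sonic-rs` library to the patch version.",
+"vulnerable_to": "Use After Free",
+"related_cve_id": "",
+"language": "RUST",
+"severity_class": "HIGH",
+"aikido_score": 72,
+"changelog": "https://github.com/cloudwego/sonic-rs/releases/tag/0.5.2",
+"last_modified": "2025-07-01",
+"published": "2025-07-01"
+}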
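Review bot: `related_cve_id` (line 19) is left as the empty string in a record that is now published under its own advisory id; if a CVE or other upstream identifier exists for this sonic-rs issue it should be filled in, and if none has been assigned the empty value should be the documented convention for "none assigned" rather than an unfilled template field — nothing on this page shows which it is. `how_to_fix` (line 17) tells the reader to upgrade "to the patch version" without naming it, even though `patch_versions` already holds 0.5.2; `"how_to_fix": "Upgrade sonic-rs to version 0.5.2 or later."` is more useful to a consumer that displays only that field. The `tldr` (line 15) states the use-after-free can enable remote code execution, which goes beyond what a dangling-key read after an iterator drop establishes by itself; that wording should be checked against the upstream advisory or softened so it is consistent with the HIGH severity class. `vulnerable_ranges` gives `["0.3.0", "0.5.1"]` with no indication whether the bounds are inclusive; the 0.5.2 patch version implies 0.5.1 is inclusive, which is fine provided that is the schema's stated convention.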
