{"id":"RUSTSEC-2020-0075","summary":"Unexpected panic when decoding tokens","details":"Prior to `0.10.0` it was possible to have both decoding functions panic unexpectedly,\nby supplying tokens with an incorrect base62 encoding.\n\nThe documentation stated that an error should have been reported instead.","aliases":["CVE-2020-35918","GHSA-c9rv-3jmq-527w"],"modified":"2023-11-08T04:03:39.346637Z","published":"2020-11-29T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/branca"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0075.html"},{"type":"REPORT","url":"https://github.com/return/branca/issues/24"}],"affected":[{"package":{"name":"branca","ecosystem":"crates.io","purl":"pkg:cargo/branca"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.10.0"}]}],"ecosystem_specific":{"affects":{"arch":[],"os":[],"functions":["branca::Branca::decode","branca::decode"]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0075.json","informational":null,"cvss":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","categories":["denial-of-service"]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}