GHSA-965h-392x-2mh5
ADVISORY - githubSummary
Name constraints for URI names were ignored and therefore accepted.
Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented. URI name constraints are now rejected unconditionally.
Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
Common Weakness Enumeration (CWE)
ADVISORY - github
Improper Certificate Validation
GitHub
CREATED
UPDATED
ADVISORY IDGHSA-965h-392x-2mh5
EXPLOITABILITY SCORE
0.7
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
2.2lowRustSec
CREATED
UPDATED
ADVISORY IDRUSTSEC-2026-0098
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-