Skip to content

create rustsec advisory for wasmtime-wasi crate: wasmtime project's GHSA-4ch3-9j33-3pmj#2995

Open
pchickey wants to merge 1 commit into
rustsec:mainfrom
pchickey:wasmtime-GHSA-4ch3-9j33-3pmj
Open

create rustsec advisory for wasmtime-wasi crate: wasmtime project's GHSA-4ch3-9j33-3pmj#2995
pchickey wants to merge 1 commit into
rustsec:mainfrom
pchickey:wasmtime-GHSA-4ch3-9j33-3pmj

Conversation

@pchickey

@pchickey pchickey commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Affected crate(s)

  • wasmtime-wasi (7,781,543)

Links to upstream issue(s) or PR(s)

Fix in main bytecodealliance/wasmtime#13725
which contains links to all of the backports to release branches.

Security Advisory GHSA-4ch3-9j33-3pmj

Severity

Filesystem access control: bug permits write access to existing files in the filesystem where wasmtime-wasi was configured to provide read-only access, when wasmtime also provides a directory configured as read-write.

Checklist

  • Advisory filename(s) starts with RUSTSEC-0000-0000 as the ID
  • date field is set to the public disclosure date
  • Contains a concise and descriptive title after advisory metadata
  • Asked maintainer(s) if publishing an advisory is appropriate

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pchickey