2 known bugs in hashbrown, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| high | 0.15.0 | 0.15.1 | Borsh serialization of HashMap is non-canonical. The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicity checks on decoding. This can result in consensus splits and cause equivalent objects to be considered distinct. This was patched in 0.15.1. | fixed | osv:GHSA-wwq9-3cpr-mm53 |
| medium | 0.15.0 | 0.15.1 | Borsh serialization of HashMap is non-canonical. The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicity checks on decoding. This can result in consensus splits and cause equivalent objects to be considered distinct. This was patched in 0.15.1. | fixed | osv:RUSTSEC-2024-0402 |

Get this data programmatically (free, no authentication):

`curl https://depscope.dev/api/bugs/cargo/hashbrown`