Vulnerability identifier: #VU71491
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to Cargo does not perform SSH host key verification when cloning indexes and dependencies via SSH. A remote attacker can perform MitM attack.
Install updates from vendor's website.
Vulnerable software versions
Cargo: 0.0.1-pre - 0.67.0
Rust Programming Language: 1.0.0 - 1.66.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?