{
  "schema_version": "1.4.0",
  "id": "GHSA-c9rv-3jmq-527w",
  "modified": "2023-06-13T17:09:32Z",
  "published": "2021-08-25T20:49:50Z",
  "aliases": [
    "CVE-2020-35918"
  ],
  "summary": "Unexpected panic when decoding tokens in branca",
  "details": "Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding.\nThe documentation stated that an error should have been reported instead.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "branca"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.10.0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35918"
    },
    {
      "type": "WEB",
      "url": "https://github.com/return/branca/issues/24"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tuupola/branca-spec/issues/22"
    },
    {
      "type": "WEB",
      "url": "https://github.com/return/branca/commit/7da3274bd99b05dce9c3f9b4b129d0145c71820b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/return/branca"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0075.html"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T20:50:27Z",
    "nvd_published_at": "2020-12-31T09:15:00Z"
  }
}